Limits on California's Game-Changing Privacy Law

By William Vogeler, Esq. on June 29, 2018 | Last updated on March 21, 2019

When Gov. Jerry Brown signed the new data collection law, it scuttled a ballot initiative that would have left the door wide open for damages against companies violating the law.

The California Consumer Privacy Act, however, limits consumers to $750 for breaches of their non-encrypted personal information. The limit was a compromise between privacy advocates and legislators, who agreed to put a lower ceiling on companies subject to the deal.

Despite the limit on damages, Silicon Valley was troubled that the governor signed the law. But consumers, including more than 365,880 who signed the ballot petition, were happy.

A "Milestone Moment" for Consumers

Consumer groups called it a "milestone moment" because it gives consumers the right to know what personal information is being collected about them and whether it is being sold and to whom. It also empowers them to delete the collected information and to stop the sale of their information.

"Consumers would have the right to request all the data collected about them from a business up to twice a year, and businesses would be required to disclose the information free of charge," Ars Technica reported.

The Internet Association, a lobbying group for tech companies, was not so thrilled. They said policymakers should "correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California's consumers and businesses alike."

$25 Million Limit

The ballot measure would have regulated companies that had annual gross revenues of $50 million or more. The new privacy act applies to businesses that gross at least $25 million.

Also, to be subject to the law, a business must interact with the information of 50,000 or more people, households or devices, or make half of its annual revenue from selling personal information.
