New data privacy law took effect in January, with a six-month grace period
A digital privacy law that went into effect in California on January 1 will be enforced starting today, despite tech industry demands to delay enforcement because of the ever-worsening coronavirus pandemic.
“For sure we will start enforcing on July 1,” said California Attorney General Xavier Becerra of the California Consumer Privacy Act (CCPA).
Reports Rachel Lerman at the Washington Post:
The law went into effect Jan. 1 after a winding and sometimes surprising route through a voter ballot process, the state legislature and a contentious amendment period culminating in a final version last fall. It gives consumers in the state — and many outside California — broad ability to be able to request that companies tell them what personal data they hold on each person and to ask companies to stop selling their personal data to third-party advertisers or others. The law gave companies six months after it took effect before enforcement began, though Becerra noted that companies had to begin complying in January.
But that all hinges on people actually using the law, which puts the onus on consumers to initiate the process with companies. Becerra said his office has received some complaints about how companies are responding. He urged people to make it a habit to read the required disclosures on companies’ homepages every time they visit a new website.
Starting Wednesday, Becerra’s office is able to start sending businesses warnings that they might be in violation of the law and give them 30 days to fix the issues before facing possible fines or lawsuits.
More than two dozen trade associations and business groups asked the state in March to delay enforcement because of business disruptions caused by the pandemic. The letter, which was signed by the Interactive Advertising Bureau, the Internet Coalition and the California U.S. Chamber of Commerce, pointed out that the state-issued regulations for the law haven’t been finalized.