Starting Jan.1, the California Consumer Privacy Act will give people control over the personal information companies collect, store and share, the Associated Press reported on Wednesday (Dec. 18).
The law’s complex requirements kick in regardless of whether a company deals directly with consumers. The law concerns companies that conduct business in California and includes out-of-state companies that sell to California. The law can also include businesses that profit from services like payment processing or website hosting.
Companies are subject to the law if they have worldwide revenue above $25 million, or collect and receive California consumers’ personal information from 50,000 or more individuals, households or devices.
The Vampr app reaches roughly 1,000 users shy of the threshold, but it is expected the app will reach that milestone sometime in January. The Santa Monica, California-based company’s home state is its biggest market.
The law was passed by the California Legislature in June 2018 and aims to protect consumers from having their information sold without their knowledge or consent.
Consumers have the right to know what personal information companies collect from them, the California law says. “Under a key provision, companies must give consumers the option to have their information deleted from databases,” the law said.
The law covers a wide range of data including names, addresses, Social Security and passport numbers, email addresses, internet browsing histories, purchasing histories, personal property and health information, professional or employment information, educational records and information from GPS apps and programs.
The California statute takes effect Jan. 1; however, enforcement won’t begin until July 1.
Big Tech has faced a number of inquiries growing in scope and scrutiny as lawmakers have been focused on competitive practices and efforts to ensure data privacy and protection. One key state law that is in place, and which helps inform other laws, as has been reported, exists with the California Consumer Privacy Act, which in turn can be traced to the General Data Protection Regulation (GDPR) mandated by the European Union.