California adopts privacy law aimed at protecting consumer data

Dive Brief:

California's state legislature passed a new privacy law on June 28 that will likely have a major effect on technology, media and entertainment companies when it goes into effect in 2020, according to a report in Variety. The California Consumer Privacy Act of 2018 grants consumers the right to request the data that businesses collect on them and to ask businesses not to sell their data.
The law also imposes strict rules about how businesses disclose data collected from consumers and allows the state Attorney General to fine businesses for noncompliance. The measure was opposed by media, telecom and tech companies, including Amazon, Google, Microsoft, Comcast, AT&T and Verizon. Facebook was initially against the rule, but came out in favor of it following pressure from the Cambridge Analytica scandal, according to Variety.
Tech and media companies will likely add stricter privacy rules for all users, even those living outside of California. Online media businesses may be most affected by the law. They won't be allowed to discriminate against consumers who choose not to share their data but can offer financial incentives to consumers to agree to share data. Businesses could also charge consumers for not sharing their data with advertisers or other third parties.

Dive Insight:

The new law appears to mirror certain aspects of the European Union's General Data Protection Regulation (GDPR) and could have a considerable impact on how U.S. internet companies and marketers handle data privacy given how many industry players are based in California, especially business hubs like Silicon Valley. It could also inspire other states to pursue similar legislation.

The GDPR, which went into in late May, demands internet companies receive informed consent before collecting any information on European users, including the types used to target advertising. The laws have led many tech and media companies to change their data collection and use policies, and a U.S.-based regulation might be even more sharply felt.

Outside of GDPR, major digital advertising platforms like Google and Facebook have implemented new policies over the past several months aimed at protecting consumers and boosting ad transparency. These companies have, to date, been largely self-regulating, but repeated privacy scandals have raised the specter of more government oversight.

Google, for example, announced that it would support non-targeted ads for consumers who opt out of data collection and revised its user consent policies to comply with GDPR. Facebook is also requiring advertisers to tell users if the ads being targeted to them were based on information gleaned from data brokers. It also instituted a new process for how names of potential consumers provided by data brokers will be handled.

Facebook's Cambridge Analytica scandal, where the personal data of millions of users were misused by a firm with ties to the Trump presidential campaign, has put data privacy under a harsher spotlight this year, and inspired more federal and state lawmakers to closely examine the subject.

Consumers generally don't seem to mind sharing personal information with marketers but are growing to demand more transparency around how their data is collected and used. Marketers that are transparent and tell consumers how they are using their data to target ads see a lift in customer engagement and purchase intent, according to research by Maritz Motivation Solutions and Harvard Business School.