California Consumer Privacy Act could bring tech firms into line

California is continuing to push towards a new era of privacy on the internet, through the California Consumer Privacy Act that could impose strict new rules on how the tech firms process data.

The new law will force companies to reveal the data they collect, give users the right to delete their data and stop it from being sold on to third parties. It will also restrict how information can be used for online advertising.

Anxiety around the law, which was passed in June 2018, is set against a backdrop of public and political pressure on big consumer tech firms to come under increased regulation.

How this is to be achieved remains a point of contention, but champions of the movement point to the EU’s General Data Protection Regulation (GDPR) as a guiding light and standard-setter for implementing privacy protection on an international scale.

The California law will similarly try to grant users more control of their data, by giving them the chance to opt out of their information being sold, and letting consumers know what data the tech giants hold on them.

While officials try to push the California law forwards, tech lobbyists are seeking to weaken the new legislation’s impact, while privacy activists want to add to it. As such the future shape of the California law remains unclear.

Consumer support groups say the law could drive online privacy, but some experts say that if the law is diluted before it even comes into being, then companies will find ways to get around it and work the situation to their advantage.

Californian Republican, James Gallagher said:

“I think we can help set the standard for the nation. I think mostly the tech world is, on the surface, asking for some clarification and changes to the law that they feel are gray areas for companies to figure out how or whether they need to comply.”

“But I have a skeptical eye. Look, I want to make sure that whatever is being proposed as a cleanup measure isn’t a gaping hole,” he added.

Justin Brookman, director of tech policy at Consumer Reports, and a former Federal Trade Commission attorney, said:

“Silicon Valley has a lot of power. I’m hopeful that it won’t be meaningfully weakened. Do I feel confident that it won’t be? No.”

Meanwhile, the Internet Association, whose members include some of the biggest names in Silicon Valley, such as Google, Amazon and Facebook, has expressed its wish to “ensure that California residents have meaningful privacy laws.

New rights should come under one federal law, the Association said in a statement, “not a patchwork of state laws.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.