AP – Companies must notify California residents of their data privacy rights in plain language and must verify people’s identities before releasing data, state officials proposed on Thursday.
California Attorney General Xavier Becerra announced draft regulations that also spell out ways people can ask for their personal information to be deleted from company databases.
The rules are being drafted to implement a landmark state privacy law taking effect in January. The law allows California residents to learn what information companies hold on them, request deletion and opt out of the sale of their personal info.
Although only California residents can make requests, the law is expected to have broader impact on how companies manage and sell people’s information online. That’s because companies outside the state must comply if they meet relatively low thresholds.
“Data is today’s gold,” Becerra said at a press conference in San Francisco. “Everyone is rushing to mine data.”
The law was born out of a desire for people to have more control over their personal information online. It’s a topic that has been top of mind in recent years as high profile leaks, smarter home artificial intelligence systems and targeted advertisements show just how much companies know about their customers.
Privacy experts and researchers expect California’s law to pave the way for laws from other states and possibly Congress.
California’s privacy law has been a hot-button issue for lobbyists all year, often pitting tech industry interest groups against privacy rights advocates. But neither side made major traction during the year, and the bill that was finalised last month remains largely unchanged from the original version.