Top 5 Things to Know About the California Privacy Act

Back in March 2018, consumers were appalled to learn that over 50 million people were affected by the data breach of Cambridge Analytica. The data was collected and exploited through a simple personality quiz on Facebook. Once this was released, it was apparent that personal information was more accessible than ever to obtain encouraging the proponents of the new California Consumer Privacy Act to push on. The group, Californians for Consumer Privacy, led by Alastair Mactaggart, was initially triggered by the possibility of companies overstepping the privacy line back in 2014 when he happened to ask a Google engineer if he should be worried about internet privacy. The Google engineer responded by saying, “if people just understood how much we knew about them, they’d be really worried.”

cellhone user image for California privacy law post

What you need to know about AB 375

Californians for Consumer Privacy submitted over 600,000 signatures of citizens who wanted more control of how their data was being used. The group put together a people’s ballot initiative, which was originally to be presented in the November 2018 ballots, putting pressure on California legislature to pass a somewhat less restrictive version of the bill on June 28th.

Large California tech companies such as Google, Facebook, and AT&T are far from happy with the new privacy bill but prefer it over the original ballot initiative proposed by Mactaggart. With the law passed through legislation, it offers them a chance to make tweaks whereas with the original ballot initiative it would be hard to make changes due to the voting process.

Consumers will have greater control over their data. All personal information that can be used as personal identifiers is considered under this law. Below is a summary of what the AB 375 states:


  • Right to know all data collected by a business on you (twice annually, free of charge).
  • Right to say no to the sale of your information.
  • Right to delete your data.
  • Right to be informed of what categories of data will be collected about you prior to its collection, and to be informed of any changes to this collection.
  • Mandated opt-in before sale of children’s information (under the age of 16).
  • Right to know the categories of third parties with whom your data is shared.
  • Right to know the categories of sources of information from whom your data was acquired.
  • Right to know the business or commercial purpose of collecting your information.
  • Enforcement by the Attorney General.
  • Private right of action regarding data breaches only.

Many companies express that the bill is too broad when it comes to identified vs. de-identified users. De-identified refers to when personal information is not connected to one consumer, but rather in an aggregate format. It is still unclear what would be classified as “de-identified.” The use of cookies on a site is also a hot topic right now since most tracking tools use cookies to collect information. The bill does not clearly state its stance on the use of cookies which leads to an unclear understanding if cookies fall under the law’s exemption standard.

Opponents feel that the bill was extremely rushed and fear it may have lasting effects that are still unknown. California legislation spent a total of seven days putting together this bill, which is an extremely quick turnaround considering it took GDPR, a similar European Union bill, 4 years to be put together and passed.

Since June 28th, a few overarching effects are apparent. The bill increases the accountability of companies and makes it easier to sue after a data breach occurs. Companies will have to adhere to stricter regulations and can receive harsh penalties should they violate the law. Authorization to provide financial incentives for the collection of personal information, which is stated in the new bill, may change the way businesses interact with consumers. Some companies are finding loopholes due to the use of broad language which could lead to a reduction in the effectiveness of the bill.

As of right now, the law will go into effect in January of 2020. However, many, including the Californians for Privacy Act group, are unsure if the law will last until then. They foresee tech giants like Google, Facebook and Netflix to alter the bill to be less restrictive and conducive for their companies goals to reach more consumers by targeting their needs, interests, and predicting wants based on data collected.  

Let’s stay in touch! Follow Lunar on LinkedIn for company updates, industry news, employee spotlights and more.

Why Law Firms Need to Track Text Message Conversations with Clients

In the legal world, there’s a perfect storm brewing. With bar restrictions weakening in recent years allowing lawyers to more freely use text messages to communicate, more people glued to their smartphones than ever, and text messaging proving to be a preferred communication method compared to phone calls and emails, text messages can take your […]

Image of a space rocket

Track Sales Touchpoints Seamlessly in Salesforce for a 360-Degree View

Sales is Going Mobile Actually, we’re already there. Our cell phones are as powerful as our computers and allow us to work whenever and wherever we want. The ability to respond instantly and communicate through voice, text, and video has changed the sales process by increasing the volume and ease of making sales touchpoints. Customers […]