“What Does California’s New Data Privacy Law Mean? Nobody Agrees”

The new California law on consumer data is stringent but, as is so often the case with that state’s legislation, less than pellucidly clear [Natasha Singer, New York Times] :

“Companies have different interpretations, and depending on which lawyer they are using, they’re going to get different advice,” said Kabir Barday, the chief executive of OneTrust, a privacy management software service that has worked with more than 4,000 companies to prepare for the law. “I’ll call it a religious war.”

The new law has national implications because many companies, like Microsoft, say they will apply their changes to all users in the United States rather than give Californians special treatment.

One Comment

  • CA law on consumer data may be “stringent but, … less than pellucidly clear”.

    But CA law on the state selling driver license and vehicle registration data to private businesses is “pellucidly clear”: The state can (and does) sell driver license and vehicle registration information in bulk to any business the state chooses, without notifying you.

    From the CA DMV website, dmv.ca.gov “privacy policy” page:

    CVC sections 1810 and 1810.2 allow government and commercial requesters who have been issued a requester code by the department to obtain the public driver’s license record or vehicle registration record for a governmental or legitimate business use without notifying you.

    If you’ve ever received unsolicited commercial phone calls from fly-by-night outfits who address you by name, and know your age and address, who try to sell you insurance, or anything else, they may have gotten the information from the CA DMV.

    Or, they may have gotten your information from a data breach at some other “commercial requester” who got the information “legitimately” from the CA DMV by having a “requester code”.

    CA policy on the state’s selling your personal information does not even rise to the level of a bad joke.