A California assemblywoman has proposed a new law that would require companies to be more transparent about how they share residents' data with third parties.
In February, Democratic Assemblywoman Bonnie Lowenthal introduced the Right to Know Act of 2013, which takes a page from European privacy laws that require businesses to be forthcoming with consumers about the types of information they gather and disclose. On Monday, amendments to the bill were announced in California Assembly.
If passed, the bill would update existing California law to require businesses to share all the ways customer data is disseminated. Companies would have to disclose, for instance, third-party applications, online advertisers, and data brokers they've shared consumer data with over the past 12 months. Businesses would have 30 days to honor customers' requests for this information.
Consumer rights groups such as the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) have backed the new “Right to Know” bill. However, business-interest groups such as the California Chamber of Commerce and TechAmerica are worried the measure would lead to onerous compliance costs for organizations.
Nicole Ozer, technology and civil liberties policy director at the ACLU of California, said that the privacy law's aim is not to browbeat companies by promulgating new restrictions, but to encourage transparency – and, potentially, better data-collection practices in general.
“The law also encourages them to anonymize information before they collect or share it,” Ozer told SCMagazine.com Thursday. She added that “the burden on companies is really commensurate with how much personal information they are collecting or disclosing. If they are taking the steps to anonymize information, they have no burden.”
In a Tuesday blog post, EFF Activism Director Rainey Reitman said major companies have made questionable decisions of how they collect information, necessitating a law that would encourage transparency.
Last fall, for instance, privacy groups criticized Facebook's deal with marketing data company Datalogix, accusing the social networking site of violating the terms of an 2011 agreement it made with the Federal Trade Commission to change deceptive data-sharing practices.
Reitman said she hopes other states follow California's example and work to pass similar legislation.
The Golden State traditionally has led the pack on matters of privacy legislation, starting with the landmark 2003 data breach notification law, which nearly all 49 other states have followed with versions of their own. Last year, the California also began to strictly police a law requiring operators of mobile app platforms to make their privacy policies “conspicuous” to users.