The new California law on consumer data is stringent but, as is so often the case with that state’s legislation, less than pellucidly clear [Natasha Singer, New York Times] :
“Companies have different interpretations, and depending on which lawyer they are using, they’re going to get different advice,” said Kabir Barday, the chief executive of OneTrust, a privacy management software service that has worked with more than 4,000 companies to prepare for the law. “I’ll call it a religious war.”
The new law has national implications because many companies, like Microsoft, say they will apply their changes to all users in the United States rather than give Californians special treatment.
One Comment
CA law on consumer data may be “stringent but, … less than pellucidly clear”.
But CA law on the state selling driver license and vehicle registration data to private businesses is “pellucidly clear”: The state can (and does) sell driver license and vehicle registration information in bulk to any business the state chooses, without notifying you.
From the CA DMV website, dmv.ca.gov “privacy policy” page:
If you’ve ever received unsolicited commercial phone calls from fly-by-night outfits who address you by name, and know your age and address, who try to sell you insurance, or anything else, they may have gotten the information from the CA DMV.
Or, they may have gotten your information from a data breach at some other “commercial requester” who got the information “legitimately” from the CA DMV by having a “requester code”.
CA policy on the state’s selling your personal information does not even rise to the level of a bad joke.