The new bill reinforces that all data brokers must register with the California privacy protection agency, and it requires the CPPA to establish an easy and free way for Californians to request that all data brokers in the state delete their data through a single page, regardless of how they acquired that information. If data brokers don’t comply with these rules, the bill stipulates they be fined or otherwise penalized.

Hopefully this becomes the standard nation wide. Having a single page where you can delete your accounts on multiple services with a single click sounds like a data privacy dream.

  • library_napper@monyet.cc
    link
    fedilink
    arrow-up
    83
    ·
    1 year ago

    many advertising companies have argued it would undermine their industry. Those companies buy and sell consumer information such as location, address, online activity and more to various clients including law enforcement.

    Lol. Thats the intent.

    • maynarkh@feddit.nl
      link
      fedilink
      arrow-up
      23
      arrow-down
      1
      ·
      1 year ago

      But the jobs! And the growth! The stocks! 401k!

      Why is no one thinking about the Line? /s

    • kibiz0r
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      CCPA covers PII, so no — a soft delete of PII would be laughably unacceptable.

      But you may be thinking of deidentification, which is valid as long as you aren’t accidentally contaminating it with PII… which is such a hard guarantee to uphold, that a lot of businesses are already erring on the side of deleting data that they’re actually permitted to retain — and partitioning anonymizable data from PII, making it more cumbersome to incorporate PII into analytics, too.

  • plz1@lemmy.world
    link
    fedilink
    English
    arrow-up
    53
    arrow-down
    2
    ·
    1 year ago

    an easy and free way for Californians to request that all data brokers in the state

    So what about data brokers not in the state, or even in the US? CA brokers could just reincorporate in another state, no? That is, the ones not incorporated in Delaware like many US companies.

    • mosiacmango@lemm.ee
      link
      fedilink
      arrow-up
      38
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Most of the big tech data barons are incorporated in California, and its not an easy thing to “up and move” corporations with 100s of billions of assests.

      It will be easier, much easier, for them to comply, especially as seeing Delaware is also a liberal state, and very well may pass the same law at some point.

      • maynarkh@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Can they just move the assets out to some random far-away jurisdiction? Say “we collect the data, but we actually sell it to this company in Panama and they have it, so we can’t give it to you”.

        • Jamie@jamie.moe
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Ah yes, the old parent company with a sole employee and it’s address is a basement in a country where the laws they want to avoid don’t apply.

        • oce 🐆@jlai.lu
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          They could make it mandatory to store Californians’ personal data in California. I think that’s what EU requires? Then they can threaten them with closing their business in California if they don’t comply.

    • affiliate@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      the full sentence you’re quoting is

      The new bill reinforces that all data brokers must register with the California privacy protection agency, and it requires the CPPA to establish an easy and free way for Californians to request that all data brokers in the state delete their data through a single page, regardless of how they acquired that information.

      i’m not a lawyer, but it seems to me that it’s saying the new bill would require data brokers to register with the CPPA in order to operate in california (regardless of where the companies are based). then, this registration process would force them to comply with the “delete their data through a single page” process (or pay a fine).

      the rest of this article seems to support this interpretation.

    • emergencyfood@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      The way laws usually work is (gross oversimplification):-

      Different state, same country - they have to follow this rule when dealing with customers from California.

      Different country - they can break the law, but then California / US can sanction them (i.e. no US-based company can directly do business with them)

      There are workarounds to both but 99% of companies will just comply, at least on paper.

    • curiousaur@reddthat.com
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Doesn’t have to become federal. You could use a VPN and say you’re in California. They will probably just start assuming all requests are valid Californian. It’s quite possible California just changed the world.

  • Melllvar@startrek.website
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    many advertising companies have argued it would undermine their industry.

    Yes.

    “Absent this data, smaller enterprises will lose a critical path to reach and attract new customers

    They seemed to get along just fine for centuries without it.

    "[…] and consumers overall will have less exposure to new products and services that may interest them,” a group of ad trade bodies wrote in a letter first reported by Adweek.

    They say that like it’s a bad thing.

    I will be availing myself of this law just as soon as the website is up.

  • AngrilyEatingMuffins@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    Can I take a trip to California and do this or is there some way your residence is determined? I’m about to go to sleep so I don’t want to read the article!

    • swordsmanluke@programming.dev
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      I work in an adjacent industry. Establishing “is this person actually a resident of X” is really hard. It’s much easier to just allow everyone to submit CPPA/CPRA requests.

      So that’s what everybody does.

      Just because it’s only required in CA doesn’t mean you won’t be able to make use of it!

      Edit: At the start of 2023 the CPRA already established that CA residents (which really became anybody) can request their data be deleted. It looks like this new bill just mandates a central location to transmit those requests out to everybody from.

      There are already services that do this (The article mentions Delete Me) for a fee. This is going to eat their lunch, but is going to be a major win for privacy!

    • emergencyfood@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      You don’t even need to go there. You can just claim to be a resident and most companies won’t actually bother to check. This is why when the EU passed GDPR, most companies just gave all users GDPR rights.

    • kingthrillgore@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I worked on a CCPA project in a non CCPA state for a big media company. Company’s lawyers just wanted to make it so if anyone applied we complied, its cheaper in terms of labor to build it out and comply.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    This is the best summary I could come up with:


    In a victory for privacy advocates and consumers, the California governor Gavin Newsom signed a bill that would enable residents to request that their personal information be deleted from the coffers of all the data brokers in the state.

    The bill, SB 362, otherwise known as the Delete Act, was introduced in April 2023 by the state senator Josh Becker in an attempt to give Californians more control over their privacy.

    While proponents of the bill have lauded it as a less tedious and more user-friendly way to reinforce existing California privacy laws, many advertising companies have argued it would undermine their industry.

    Those companies buy and sell consumer information such as location, address, online activity and more to various clients including law enforcement.

    “Absent this data, smaller enterprises will lose a critical path to reach and attract new customers, and consumers overall will have less exposure to new products and services that may interest them,” a group of ad trade bodies wrote in a letter first reported by Adweek.

    The Delete Act “will improve everyone’s privacy rights and make California’s consumer privacy laws more user-friendly, while also strengthening current California law that requires data brokers to register with the state”, said Hayley Tsukayama, the associate director of legislative activism at digital rights group the Electronic Frontier Foundation.


    The original article contains 642 words, the summary contains 218 words. Saved 66%. I’m a bot and I’m open source!

  • meseek #2982@lemmy.ca
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    1 year ago

    All data brokers in the state.

    So they move out of state.

    You can make whatever laws you want. These guys are in business because they circumvent those laws.

    This new one looks like it’s meant to make people feel safer but not actually do anything to curb these data hoarders.

      • meseek #2982@lemmy.ca
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        The world doesn’t work like that. They’ll move to poor countries, flood the local government officials with gifts, and set up shop there. The fuck some guy in Uganda or Belize gives a shit about you and your “data.”

        We just need to reign in tech companies that they just can’t get this data. Period. That’s the only way. Cut it off at the source.

    • Gutless2615@ttrpg.network
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      The law applies to any data broker that buys and sells the information of Californians not just the ones based in the state

  • Donjuanme@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    1 year ago

    I only worry about bad actors targeting people and having their works removed. In a world of deep fakes and social engineering attacks, back up your data and don’t trust any company to do right by you, or the laws.

    • 👁️👄👁️@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Social engineering will definitely be involved, but usually when you request deletion they take like a week or so to process so you have time to cancel if you’d like. So that’s a bit of protection. Also I’m not sure where that “one page” is located to access all of it is, maybe some California government site. If so, then that’s additional credentials the user can protect.

  • PatFusty@lemm.ee
    link
    fedilink
    arrow-up
    7
    arrow-down
    32
    ·
    edit-2
    1 year ago

    Someone correct me but how is this not a breach of the 5th amendment? The government cant just force a company to relinquish intellectual property regardless of how they got it

    Edit: wow you guys are toxic. Cant even ask a question here without getting dogpilled

    • ackzsel@kbin.social
      link
      fedilink
      arrow-up
      26
      arrow-down
      1
      ·
      1 year ago

      I don’t think intimate details about a person is a companies intellectual property.

    • HughJanus@lemmy.ml
      link
      fedilink
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      I’m genuinely interested in your interpretation of how your personal information can be considered “intellectual property” of a data broker.

      • PatFusty@lemm.ee
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Yeah I said correct me if im wrong because I wasnt sure.

        I dont know if it works like this but i would think that when you use someones app or website or connections, and this company captures your information, this makes it their property. This would be akin to someone taking photos of you without your permission and selling them as stock photos. Those photos are theirs, as disgusting as it is and I dont think the government can step in to make you give that up. Obviously this analogy doesnt work because selling pictures like this is illegal but the idea is the same because you waive your rights when you use their products.

        Again, not sure if thats how that works, only have a surface level understanding here.

    • n0m4n@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Is your medical and financial information your property or an insurance company’s property? Is this information given to governments, by threat of law? (Yes, if that state demands it, and depending on their constitution) Does a hacker have the right to sell whatever information that they acquire from any institution, or from you? The lack of a right of privacy in the US Constitution and ancient fossils in SCOTUS and legislatures will bring us rapidly forward to 1900 any day now, to their grappling with technology.

    • upforitbutnotdownforit@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Which is why no one mentioned or implied anything even remotely related to intellectual property. Not sure why it’s being brought up, but now we can get back on topic: people’s data being stolen, and then taking one small step towards rectifying that.

    • emergencyfood@sh.itjust.works
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago
      • Intellectual property rights are granted by the state, and can be revoked as per law.

      • User data is not IP.

      • The legal owner of data about an user is (usually) the user.