Very good use for the law tag.
Added it. Thanks, didn’t know about that tag.
No worries. We all have to learn sometime. :)
Does this apply to (a) businesses with customers resident in California, (b) businesses incorporated in California with customers anywhere, or (c) businesses incorporated in California with customers resident in California?
This seems tricky to do at the state level and should be federal…Similar to how GDPR was EU level.
California has a long history of setting a higher (per-state) bar on things like vehicle emissions and mileage, forcing companies to either build two of everything (“49-state” cars) or follow the stricter set of rules for everything – usually they decide to do the latter. California’s lawmakers are probably hoping this will go the same way, since GDPR led the way.
It seems they’re doing it to get the ball rolling so to speak. Europe, now California, who next?
When GDPR took effect we had a former customer in the EU reach out to us with a right to erasure request. While we have EU customers we’re a US (California) company–but in researching the issue the likelihood of a privacy-focused ballot initiative in CA passing (which from reading the article AB 375 here was a response to) was one of the reasons we decided to work on legal compliance/privacy enabling features.
The best piece of advice I’ve received on the topic of user privacy I would summarize as “If you collect a piece of data, also show the user that data so they have a complete picture of what information is available about them.”