At the end of June California passed sweeping new legislation on how consumers interact with their data. The EU’s adoption of new GDPR regulation seems to have spurred state representatives into action as California seeks widespread protections of user data, similar to the ones under GDPR. Set to take effect in 2020, experts are calling it the most extensive data privacy regulation in the nation; here is what you need to know:

 

Am I affected?

If your company takes in annual revenue of $25 million, its mobile platform receives personal information from at least 50,000 California residents, or if 50 percent of your revenue comes from selling Californians’ personal information, your company is subject to this new law.

 

What does this mean for my users?

From a user’s perspective the biggest changes will be the amount of information available to them, and the level control over their personal data. Under these new regulations users will have the right to know what data is being collected and where it is going. Users also gain the ability to opt-out of having their data sold and can request information be deleted. Only time will tell how access to this information will impact the relationship between the users and their apps, but this does represent a marked change in how users can interact with your company.

 

How do I prepare?

The biggest challenge facing any company looking to be compliant with this new law is developing a dependable system for tracking California user data and processing access and deletion requests from their users. Here are some things to keep in mind:

  1. Prepare and maintain accurate records of all personal information for each user
  2. Provide multiple avenues for submitting data access requests, including a toll free number
  3. Provide a clear opt-out options on your website and in-app to allow users to decide if they want their data to be sold to a third party
  4. Update privacy policies to reflect the new law and make current users aware of changes

 

What does the future look like?

Fortunately, if your company is already GDPR compliant you have little to fear as the proposed protections are not expected to be nearly as expansive. While the bill passed unanimously there remains plenty of room for amendments and change over the next 18 months and it will likely look very different by 2020. However, this law is a major shift in the status quo and it will be interesting to see if California becomes the exception or the rule in American data privacy policy.

 

 

 

Luckily at OpenBack we don’t have to worry about these new privacy laws as all of our clients will be able to activate campaigns that are both COPPA and GDPR compliant, which will cover the latest laws passed in California. If you’d like to find out more about how we help our clients drive engagement and revenue for our clients, in a data sensitive way, please reach out to gnishita@openback.com.

 

Additionally, if you’re interested in reading more about California’s new data privacy law, we recommend his article by WSJ.