California lawmakers proposed regulations on Thursday to dictate how the U.S. state will enforce its tough, new privacy law. The law, known as the California Consumer Privacy Act, gives consumers more control over how companies collect and manage their personal data.
The CCPA allows people to request that data be deleted and gives them the opportunity to opt out of having their information sold to a third party. The proposed regulations would include specific requirements that businesses must comply with, such as including a “do not sell” link for consumers.
Businesses will also be required to treat consumer choices made in privacy settings as valid opt-out requests. Companies that handle personal information for more than 4 million consumers will be subject to additional requirements.
“Americans should not have to give up their privacy to live and thrive in this digital age,” California Attorney General Xavier Becerra said at a press conference where he released his agency’s draft of the regulations.
California’s law is meant to provide protection to California residents in the absence of federal law and to push the nation to offer more consumer protections.
Implementation of the regulations will cost companies between $467 million and $16.5 billion between 2020 and 2030, according to estimates from the attorney general’s office. The regulations will also serve to protect more than $12 billion worth of information that’s used for advertising each year.
The deadline for submitting comments to the California AG’s office regarding the proposed CCPA rules is December 6. The act will become law January 1, 2020.