California, the most populous US state, passed into law a set of sweeping new data privacy protections, in a move technology and telecom companies worried would hinder innovation and cause confusion among consumers.

The California Consumer Privacy Act of 2018 will take effect on 1 January 2020 and includes provisions similar to the EU’s recently implemented General Data Protection Regulations (GDPR). Specifically, it will give residents of the state the right to request what personal information businesses collect about them, who the information is shared with, or sold to, and the ability to opt-out of such sales.

Consumers will also be able to request a business delete personal information collected about them.

Personal information as outlined in the law includes: biometric information; IP address; internet browsing and search history; location data; email address; and inferences based on such information used to profile a consumer’s preferences. However, information available via public records is not protected.

Companies can be fined up to $7,500 per instance for intentional violations of the law.

Opposition
Technology and telecom players including AT&T, Verizon, Facebook and Google aligned in opposition to the bill.

In a statement to Mobile World Live, telecom industry group CTIA called for “federal bipartisan legislation” to replace California’s law, arguing state-specific laws would “stifle American innovation and confuse consumers”.

Similarly, Google warned the bill could have “unintended consequence” but didn’t elaborate, Reuters reported.

Technology and telecoms companies have historically sold personal information to third parties to make a profit, but have also used the data to hone their own service offerings and targeted advertising models.

However, the bill’s passage comes in the wake of the Cambridge Analytica data breach at Facebook and intense public scrutiny of companies’ data collection practices.

Earlier this month, all four major US wireless operators pledged to stop selling subscribers’ location data to third parties after news broke law enforcement used the information to track users without judicial authorisation.