IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Legislature Targets Online Privacy in 2018

California lawmakers focused this last legislative session on keeping personal data collected by state and local agencies away from the federal government. In the coming year, their attention is likely to turn to private companies and how they protect consumers' information.

California lawmakers focused this last legislative session on keeping personal data collected by state and local agencies away from the federal government.

In the coming year, their attention is likely to turn to private companies and how they protect consumers' information.

With federal regulation rollbacks, a rise in data breaches and a growing industry of products connected to the Internet, some legislators and tech lobbyists say they want people to have more notice and control over what personal data is collected, without having to pay for privacy or better services.

Here are some efforts to watch:

1. Legislation — and litigation — on net neutrality

After the Federal Communications Commission voted to repeal net neutrality regulations, state Sen. Scott Wiener (D-San Francisco) pledged to bring them back to California.
The Obama-era rules put in place in February 2015 barred broadband and wireless companies such as AT&T and Verizon from slowing speeds for some video streams and other content, discriminating against legal material online and selling faster delivery of certain data. They also gave the Federal Trade Commission authority over Internet service providers.

Supporters of net neutrality could go to court in an attempt to halt the FCC order and to challenge language that could prevent state and local governments from adopting their own net neutrality rules.

Wiener is looking into ways to require net neutrality as a condition in state contracts, cable franchise agreements and broadband packages.


2. Efforts to stop the sale of personal data

Assemblyman Ed Chau (D-Monterey Park) has been working to reinstate another set of FCC regulations rolled back this year by President Trump and Congress that require Internet providers to get permission from customers before using, selling or allowing access to their browser history.

Chau first introduced the California Privacy Act last legislative session, but it was shelved in the state Senate after heavy lobbying efforts by major ISPs. He intends to try again in 2018.

The bill would enshrine the old federal regulations in state law. It also would bar companies from blocking or limiting service if customers do not waive their privacy rights. And it would prohibit them from offering customers discounts in exchange for waiving their privacy rights — or from charging them a penalty if they refuse to do so.

In a separate effort, privacy advocates are attempting to establish similar rules through a proposed ballot measure. But they want the regulations to apply to all businesses that collect and deal data for commercial purposes. Organizers have until May to collect more than 365,000 signatures before the initiative can become official.

3. Free credit freezes

In an area where there are no federal rules, state Sen. Jerry Hill (D-San Mateo) has said he plans to introduce legislation to prevent credit agencies from charging up to $10 to place or lift a credit freeze.

The legislation comes after Equifax, one of the nation's three major credit reporting agencies, revealed in September that the personal data and credit information of more than 145 million consumers had been exposed in a breach, including names, birthdates and social security and driver's license numbers.

Under California law, people can freeze their credit for free if they have been victims of identify theft and have filed a police report. Otherwise, a person can pay up to $30 to freeze their credit with all three major credit agencies — Equifax, TransUnion and Experian — and another $30 to unfreeze it. Residents over 65 can get a credit freeze for free but must pay $5 to remove it.

4. Rules for teddy bears and toasters

Privacy advocates also are watching for the comeback of another Senate bill shelved last year that would prevent companies from selling products that can listen in on conversations and collect personal information from unknowing consumers.

SB 327, also known as the Teddy Bear and Toaster Act, by state Sen. Hannah-Beth Jackson (D-Santa Barbara), would require manufacturers to equip their Internet-connected devices, including toys, clocks, kitchenware and electronics, with certain security and privacy features.

Products would have to alert consumers when they are gathering data. Companies would have to obtain user consent when they intend to transfer the information. And they would have to disclose at point of sale whether the devices are capable of sweeping up sensitive data so that customers can take that into account while shopping. Jackson will likely move the bill forward in January.

Distributed by Tribune Content Agency, LLC. From The Los Angeles Times