I hope this is good and turns global. We need this, because consent banners do not work.
The CCPA is far better than the GDPR. For one, they actually managed to make an effective privacy law that didn't have the knock-on effect of polluting the entire internet with pointless cookie banners. The EU is already making moves to scrap huge parts of their misguided privacy regulations and adopt rules more like what California did with the CCPA.
California lawmakers "adopted the GDPR" only insofar as they studied it to learn what not to do.
Unfortunately following the link results in an infinite redirect.
And yet, Gemini does not seem to let me delete queries. This is unusual for Google who provides ways to delete pretty much all data on selective basis. Maybe I just can't find the option. Or maybe this option only exists if I'm in the EU
Does DROP let you censor search records?
I’d encourage anyone in Europe to compare California’s CCPA to the EU’s GDPR. It was inspired by the latter, and fixes a lot of its problem. (The Swiss referendum system was based on learning from and improving on California’s.)
Though I wonder what the second order effects of this might be. Imagine a service that vets tenants for landlords. If I've had all my data deleted, might I start failing background checks because the sketchy data brokers have no records of me? I fear a future where the complete absence of my data leads to bad side effects.
cough un-ecrypted experian backups getting stolen from a UPS truck at gun-point and nothing else stolen cough
The page refers to 500 data brokers, but I’d like to find the complete list they use.
There is a reason the FTC and DOJ force this companies to break up, except they have hordes of lawyers and the law will always be catching up to reality so it doesn't do much in this day and age.
That doesn't match the definition of data broker. It's also a huge stretch, as many companies have subsidiaries and different divisions that are separate legal structures.
If you want to be both obtuse and pedantic about it, the answer is yes to all three.
The Delete Act has more teeth. Independent compliance audits begin in 2028 with penalties of $200 per day for failing to register or for each consumer deletion request that is not honored. GDPR spurred organizations to compliance, partly because of the steep penalty (up to €20 million or 4% of revenue, whichever is higher), maybe The Delete Act (and its much smaller penalty) will also spark organizations to comply.
1st Amendment: Congress shall make No Law
14th Amendment: Due process... incorporate the Bill of Rights against the states
I often wondered whether the next case after MacDonald vs Chicago and Heller would do the same for the 2nd amendment, i.e. wipe away the ability of cities to require gun licensing and registration.
Yes only CA residents can use this.
Haven’t really thought this through and I’m not a policy wonk… just spitballin’.
Why is this better than requiring deletion?
An act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question. But the Delete Act isn't that.
Perhaps. I just see another compliance-industrial tax on consumers backed up by a nonsense checklist.
> act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question
Or opt out by default.
Perhaps California should give counties the power to do that. Then we can watch the experiment for unintended consequences.
Make this cost and practices will change.
This does feel like an area where there could be useful bipartisan agreement if packaged properly.
weaksauce•1h ago
RiverCrochet•1h ago
ofalkaed•1h ago
userbinator•1h ago
A "right to rewrite history" that will distort reality for historians in the future.
How did HN become effectively pro-DRM?
Swizec•58m ago
California represents 12% of USA population, 14% of US GDP. Effectively that means CA can throw its weight around and companies are forced to at least pretend to comply. Whether they actually comply depends on enforcement.
Now if Delaware were to adopt such a law for every company “headquartered” there …