CA's new internet privacy law takes effect on New Year's Day

A recent survey from the Pew Research Center revealed that a large majority of Americans are concerned about how their personal data is collected online and disseminated. 

But on Wednesday,  California's new privacy law will give residents the right to choose whether to allow their personal information can be sold to third parties. 

“No one has attempted to do anything like this but we are at a crossroads," said California Attorney General Xavier Becerra. "Americans should not have to give up their privacy to live and thrive in this digital age." 

The law allows Californians to see what personal data has been gathered on them in the past year. They also have the right to demand that information be deleted. 

Attorney Boris Segalis, cyberlaw and privacy expert with Cooley LLP, said, "I'm not sure this law achieves anything but you do get the right to get your information deleted. But, it's a limited right. It's in certain circumstances and businesses don't really need to delete it if they have a legal requirement to keep it.”

There are many so-called information “identifiers” covered by the law. 

Personal data: such as your name, address, driver’s license, passport, and social security numbers. 

Biometric information: such as DNA, fingerprints, voiceprints, eye retinal scan patterns and health records. 

Sensitive information: such as your religious preference, political identity, sexual preference, as well as personal behavior or characteristics. 

Digital data: such as your internet address, internet accounts, browsing history, and phone numbers. 

It also includes invisible data collectors known as cookies, beacons or pixels that track users' activity online. 

“What I will tell consumers is, they have a lot of choices to make their browsing private,” said cyber attorney Segalis. 

That includes smartphones, notebooks, and computers that have non-tracking settings you control as well as many major web sites that allow you to turn the tracking off.  

Companies that do not comply with the new state law fine of $7,500 for each violation and $750 in civil damages for each affected user, which means penalties can quickly mount up.