Here’s how California lawmakers could step in to protect the online privacy of consumers in 2018

Ajit Pai, chairman of the Federal Communications Commission, testifies before a Senate committee in 2016.
(Nicholas Kamm / AFP / Getty Images)

Amid battles with President Trump over his calls to shut down the nation’s borders and increase deportations, California lawmakers focused this last legislative sessionon keeping personal data collected by state and local agencies away from the federal government.

In the coming year, their attention is likely to turn to private companies and how they protect consumers’ information. With federal regulation rollbacks, a rise in data breaches and a growing industry of products connected to the internet, some legislators and tech lobbyists say they want people to have more notice and control over what personal data is collected, without having to pay for privacy or better services.


Here are some efforts to watch:

1. Legislation — and litigation — on net neutrality

After the Federal Communications Commission voted to repeal net neutrality regulations, state Sen. Scott Wiener (D-San Francisco) pledged to bring them back to California.

The Obama-era rules put in place in February 2015 barred broadband and wireless companies such as AT&T and Verizon from slowing speeds for some video streams and other content, discriminating against legal material online and selling faster delivery of certain data. They also gave the Federal Trade Commission authority over internet service providers.

Supporters of net neutrality could go to court in an attempt to halt the FCC order and to challenge language that could prevent state and local governments from adopting their own net neutrality rules.

But Wiener says there is room for the state to act now. He is looking into ways to require net neutrality as a condition in state contracts, cable franchise agreements and broadband packages.

2. Efforts to stop the sale of personal data

Assemblyman Ed Chau (D-Monterey Park) has been working to reinstate another set of FCC regulations rolled back this year by Trump and Congress: rules that require internet providers to get permission from customers before using, selling or allowing access to their browser history.

Chau first introduced the California Privacy Act last legislative session, but it was shelved in the state Senate following heavy lobbying efforts by major internet service providers. He intends to try again in 2018.


The bill would enshrine the old federal regulations in state law. It also would bar companies from blocking or limiting service if customers do not waive their privacy rights. And it would prohibit them from offering customers discounts in exchange for waiving their privacy rights — or from charging them a penalty if they refuse to do so.

In a separate effort, privacy advocates are attempting to establish similar rules through a proposed ballot measure. But they want the regulations to apply to all businesses that collect and deal data for commercial purposes. Organizers have until May to collect more than 365,000 signatures before the initiative can become official.

3. Free credit freezes

In an area where there are no federal rules, state Sen. Jerry Hill (D-San Mateo) has said he plans to introduce legislation to prevent credit agencies from charging up to $10 to place or lift a credit freeze.

The legislation comes after Equifax, one of the nation’s three major credit reporting agencies, revealed in September that the personal data and credit information of more than 145 million consumers had been exposed in a breach, including names, birth dates and social security and driver’s license numbers.

Under California law, people can freeze their credit for free if they have been victims of identify theft and have filed a police report. Otherwise, a person can pay up to $30 to freeze their credit with all three major credit agencies, Equifax, TransUnion and Experian — and another $30 to unfreeze it. Residents older than age 65 can get a credit freeze for free but must pay $5 to remove it.

Four states — Indiana, Maine, North Carolina and South Carolina — allow free credit freezes, according to the U.S. Public Research Interest Group.


“Credit agencies are involved in so many aspects of our lives — from buying a car and purchasing a home, to simply signing a new cell phone contract,” Hill said in a statement. “The agencies possess our most sensitive information, and they shouldn’t profit from consumers’ efforts to protect their personal and financial data.”

Equifax’s interim CEO has apologized for poor customer support after a massive data breach.
(Mike Stewart / Associated Press )

California state senator pledges to bring back net neutrality rules just as FCC votes to repeal them »

4. Rules for teddy bears and toasters

Privacy advocates also are watching for the comeback of another Senate bill shelved last year that would prevent companies from selling products that can listen in on conversations and collect personal information from unknowing consumers.

SB 327, also known as the Teddy Bear and Toaster Act, by state Sen. Hannah-Beth Jackson (D-Santa Barbara) would require manufacturers to equip their internet-connected devices, including toys, clocks, kitchenware and electronics, with certain security and privacy features.

Products would have to alert consumers — through visual, auditory or other cues — when they are gathering data. Companies would have to obtain user consent when they intend to transfer the information. And they would have to disclose at point of sale whether the devices are capable of sweeping up sensitive data so that customers can take that into account while shopping.


Jackson will likely move the bill forward in January.



California state senator pledges to bring back net neutrality rules just as FCC votes to repeal them

Closely watched California Internet privacy bill dies in final minutes of legislative session


California passed a law boosting police transparency on cellphone surveillance. Here’s why it’s not working

Updates on California politics