While the U.S. election results lack clarity of the presidential election, which seemed clear back in the days of Walter Cronkite, there is a definitive decision on data protection based on the positive voting results for Proposition 24 in California. Credit card issuers: beware.
Proposition 24 codifies privacy and data privacy with standards and penalties, which will likely set a standard for the United States. Some say data protection is beyond the rigors of Europe’s General Data Protection Regulation (GDPR) (see here).
According to the official California site:
- A YES vote on this measure means: Existing consumer data privacy laws and rights would be expanded. Businesses required to meet privacy requirements would change. A new state agency and the state’s Department of Justice would share responsibility for overseeing and enforcing state.
BallotPedia summarizes the ballot:
- Permits consumers to (1) prevent businesses from sharing personal information; (2) correct the inaccurate personal data; and (3) limit businesses’ use of “sensitive personal information”—including precise geolocation; race; ethnicity; religion; genetic data; private communications; sexual orientation; and specified health information.
- Establishes the California Privacy Protection Agency to enforce and implement consumer privacy laws and impose fines additionally.
- Changes criteria for which businesses must comply with laws.
- It prohibits businesses’ retention of personal information for longer than reasonably necessary.
- Triples maximum penalties for violations concerning consumers under age 16.
- Authorizes civil penalties for theft of consumer login information, as specified.
For now, the change only affects California residents and business. However, the long-range implications can add overhead to consumer banking and credit cards.
Looking at the impact of GDPR on Europe, International Banker finds:
- The concurrence of the GDPR and open banking raises some particularly interesting privacy challenges. Customers are being asked to open up their data at a time when large organizations are under more scrutiny than ever when it comes to their data practices.
- Open banking is a significant shift away from this message and one that has naturally taken some time to bed in.
Credit card issuers, take note: Penalties are not cheap.
Overview provided by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group