California is today starting to enforce its digital privacy law, six months after it went into effect. It has been described as the toughest privacy law in the US, having been partly modelled on Europe’s gold-standard GDPR law…
The law was passed on January 1, but the state gave businesses six months to make themselves compliant. The Washington Post reports that calls to give companies more time due to the coronavirus crisis were rejected.
Despite industry calls for the state to hold off because of the novel coronavirus pandemic, Attorney General Xavier Becerra is forging ahead. ‘For sure we will start enforcing on July 1,’ Becerra said in an interview.
The law went into effect Jan. 1 after a winding and sometimes surprising route through a voter ballot process, the state legislature, and a contentious amendment period culminating in a final version last fall. It gives consumers in the state — and many outside California — broad ability to be able to request that companies tell them what personal data they hold on each person and to ask companies to stop selling their personal data to third-party advertisers or others. The law gave companies six months after it took effect before enforcement began, though Becerra noted that companies had to begin complying in January.
Businesses will, however, get a little leeway when violations are detected.
Starting Wednesday, Becerra’s office is able to start sending businesses warnings that they might be in violation of the law and give them 30 days to fix the issues before facing possible fines or lawsuits.
Other states are at various stages in enacting their own digital privacy laws, amid continued calls by Apple and other tech giants for a single federal privacy law to make compliance easier to manage.
In other privacy news, NordVPN has passed a second independent privacy audit conducted by PricewaterhouseCoopers, one of the “big four” audit firms. The first such audit was completed in 2018.
The audit was designed to confirm the VPN company’s claims that it keeps zero logs of user activity. Although a virtual private network service hides your browsing activity from your ISP, some VPNs keep their own logs, and free ones make their money from this data.
NordVPN makes its money from subscriptions, and keeps no logs — and was the first VPN company to submit itself to an independent audit on this back in 2018. The latest audit confirms that this remains the case today.
NordVPN, a leading VPN provider that serves 12 million users around the world, can announce the completion of the second no-log policy assurance engagement.
After a thorough analysis focused on the procedures and configurations of Standard VPN, Double VPN, Obfuscated (XOR) VPN, and P2P servers, as well as the central infrastructure, practitioners found that, as of May 28, 2020, NordVPN’s customers are provided with a VPN service compliant with our no-logs policy […]
“Our users chose NordVPN for a reason, so our commitment to transparency is absolutely paramount. With public anger at social injustice on the rise, privacy and protection of the freedom of speech remain our top priority. As a leader in the field, we feel responsible for setting the highest and lasting standards of no-log policies,” said Laura Tyrell, head of public relations at NordVPN.
If you’re a NordVPN subscriber, you can access the report here while logged-in.
Photo: Asilvero/Wikipedia
FTC: We use income earning auto affiliate links. More.