2020 Vision: California sees the future, and it looks like GDPR

Op-ed: The California Consumer Privacy Act is set to go into effect on Jan. 1, 2020. So what can we expect moving forward?

The California Consumer Privacy Act is set to go into effect on Jan. 1, 2020, enacting a series of sweeping data privacy reforms for the state’s nearly 40 million citizens. In a classic David-vs.-Goliath scenario, California residents will have the power to call at least some of the shots on how their data is used by corporate behemoths in Silicon Valley and beyond.

While residents of all 50 states are already covered under a patchwork of breach notification and privacy laws, the California legislation introduces some significant changes. Californians will have the power to ask companies to cough up all the data they’ve collected about them. They also will be able to tell these same companies to delete everything – personal information, data on what’s been shared, clicked on, and more — much like European Union residents are protected under the GDPR’s “right to be forgotten.”

What can we expect looking forward? Here are three predictions:

  • Californians will be quick to exercise their new privacy rights. In the hours following the GDPR deadline, companies were hit by lawsuits. Many organizations are currently drowning in a sea of “right to be forgotten” requests. In California, the new legislation will provide an outlet for consumers who have grown tired of handing over personal information only to have it fall into the hands of hackers.

  • California will serve as a model for data privacy. Just as California acted on its GDPR envy, U.S. states will get California envy. At least five more states will propose or pass additional privacy restrictions by the end of 2018. The most likely candidates for such legislation? New York, Washington, Hawaii, Colorado and Vermont.

  • Raised stakes in the form of higher fines for violations. Under the current legislation, companies can breathe a lot easier than under GDPR, which can fine violators up to 20 million Euros or 4 percent of worldwide annual revenue. Pundits and privacy experts think the California bill will continue to develop before it becomes law. It’s very possible the fines for non-compliance will increase to give the legislation more bite.


While many are speculating how the legislation will affect industry giants like Facebook and Google, its impact casts a wide net and will be felt by brick-and-mortar companies and service providers, including healthcare, finance and law firms – forcing them to navigate a new wave of privacy protections.

For California residents, the implications on everyday data collection and privacy are expansive — from the footsteps recorded on your fitness tracker, to your internet search history to your social media data. Some say the new legislation will stifle industry creativity and have a negative impact on customer experience. However, just as the internet and rise of big data encouraged innovation among consumer tech giants, new privacy legislation could foster new advancements.

The clock is ticking, and with just 18 months to go, companies have much to learn from their EU counterparts. It’s time to get to work.

Ken Spinner joined Varonis in 2006 and leads all technical pre- and post- sales engineering activities for customers worldwide.  Ken’s career spans 30 years with organizations ranging from startups to Fortune 500 industry leaders. Prior to Varonis, Ken held leadership and senior engineering roles at Neoteris, Netscreen, Juniper Networks, BlueCoat Systems and Merck. 

Latest Podcasts