A Common Sense Data-Privacy Law

California should adopt this law: “No person, company, union, or other entity may disclose to another outside that entity information specific to an individual located or resident in California obtained from monitoring that individual’s purchases or electronic communications without the individual’s explicit, prior approval which shall be deemed to expire one year after such approval has been given. All entities requesting such prior approval must provide an alternative to any individual choosing not to grant permission, allowing as much of the service as is reasonable, commercially and technologically. Violation of this section shall be punished by a fine of $1,000 per individual whose information was disclosed, per party to whom disclosure was made.”

The gathering of information collectivized for marketing or demographic statistical purposes, including “big data” collection at grocery and department stores, would be allowed to continue, since it is not identified to an individual. If a data collector gives a user a box to check, and an individual chooses not to check it, the user has to be given some reasonable alternative to simply being denied. That would prevent coercing permission by threat of no access to the service