The US state of California is set to introduce privacy legislation in the form of the California Consumer Privacy Act of 2018 (CCPA) which may have a similarly wide-ranging impact to the GDPR.

The CCPA became law in California on 28 June 2018, and this month saw the introduction of a second in a series of bills to amend the law before enforcement begins on 1 January 2020.

The legislation will offer consumers the right to request that a business disclose the categories and specific pieces of personal information that it collects about them, through a process which appears to be similar to the right of subject access under the GDPR.

There will also be a right to delete personal information which appears to be similar to the “right to be forgotten”.

The process of amending the CCPA, which was first introduced subject to legislative time pressure in 2018, looks set to be a lengthy one with the potential for numerous further modifications and refinements.

Unsurprisingly, that process has seen the CCPA become a battleground for the diverging views of technology industry interests on the one hand and privacy advocates on the other, as to where the balance is to be struck between the interests of businesses and consumers.

Bills to carve out exemptions for certain categories of business were supported by lobbyists who represent companies such as Facebook, Google, Amazon, and Apple.

Privacy advocates suggested that industry interests were seeking to weaken privacy in California by means of the amendments.

Mary Stone Ross, who was involved in drafting the legislation when acting as president of Californians for Consumer Privacy, described attempts to erode the law as “painful” to watch.

“We forced the hand of the legislature, but now it’s shifted back again,” she said.

One debate which reflects wider concerns in the technology industry is around a provision of the CCPA which means that businesses wouldn’t be able to charge higher prices or offer different services to customers who opt out of having their data collected or sold.

Privacy advocates have said that, in stopping businesses from offering discounts in exchange for personal data, this will prevent a “pay-for-privacy” regime that creates separate cost structures for those who can afford to subsidise their privacy and those who cannot.

Whatever the status of the various amendments, following the introduction of the GDPR the CCPA seems to be a further step towards protecting the interests of individuals in the era of Big Tech.