California: New bill places restrictions on social media companies

A new Bill (“the Bill”), introduced on 28 January 2019, will impose liability on social media companies to provide the option for users of their platforms to have all their Personally Identifiable Information (“PII”) permanently deleted from the company’s databases. Consumers’ PII must also be excluded from sale, once the user has closed their account.

The Bill, AB 288, supplements the California Consumer Privacy Act of 2018 (CCPA) but does not change existing obligations under the CCPA. Social Media companies are advised to pay close attention to the Bill as it progresses.

If passed, the Bill will enable consumers who have suffered damages as a result of a privacy violation by any social media company, to take legal action against the company. If the company is found to have wilfully violated the Bill, the affected consumer may seek actual and punitive damages, as well as injunctive relief of a maximum of $10,000 per violation.

Definition of ‘Social Media company’

While for most people, the term “social media company” immediately conjures up names such as Facebook, Twitter or WhatsApp, it means any company that provides digital services, accounts or content, including:

  • online services or accounts;
  • website profiles;
  • instant messaging;
  • text messaging;
  • email;
  • locations;
  • blogs;
  • vlogs (video blogs;
  • video content;
  • still images (photographs); or
  • podcasts.

Privacy on Social Media platforms

The Bill provides that when a user takes the decision to close his/her account with the social media company (“the Company”), The Company must provide the user with the option, and the means, to have their Personally Identifiable Information (PII) permanently deleted and excluded from sale. Furthermore, the Company must expedite the user’s request within a reasonable time.

Enforcement actions and liability

  • Negligent violation

In the event of a Company violating the Act through negligence, a consumer who has suffered damages may bring a court action to recover actual damages including:

  • loss of earnings;
  • court costs;
  • legal representation fees; and
  • pain and suffering (if applicable)
  • Wilful violation

In the case of a wilful violation of the Act, a consumer may claim the following:

  • actual damages as listed above; plus
  • punitive damages up to $10,000 per violation, as the court deems proper;
  • any other relief that the court deems proper.

 According to the Bill, injunctive relief shall be available to any consumer aggrieved by a violation, or a threatened violation of this Act, irrespective of any other remedy the consumer seeks.

In the case of a class action, wilful violation of the Act will result in punitive damages. When determining the amount of the award, the court shall consider:

  • the amount of any actual damages awarded;
  • the frequency of the violations;
  • the resources of the violator; and
  • the number of individuals adversely affected.

 The prevailing plaintiffs shall be entitled to recover court costs and reasonable attorney’s fees. If a plaintiff only seeks and obtains injunctive relief to compel compliance with this Act.

Court costs and attorney’s fees shall be awarded pursuant to Section 1021.5 of the Code of Civil Procedure.

Nothing in this section is intended to affect remedies available under Section 128.5 of the Code of Civil Procedure.

 Sources and credits:

California Legislative Information: AB-288 Consumer privacy: social media companies

Important: This article is provided for information purposes only and does not constitute, nor should it be considered legal advice. Please consult with a duly qualified data privacy practitioner.

Contact the author
Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Peter Borner
Executive Chairman and Chief Trust Officer

As Co-founder, Executive Chairman and Chief Trust Officer of The Data Privacy Group, Peter Borner leverages over 30 years of expertise to drive revenue for organisations by prioritising trust. Peter shapes tailored strategies to help businesses reap the rewards of increased customer loyalty, improved reputation, and, ultimately, higher revenue. His approach provides clients with ongoing peace of mind, solidifying their foundation in the realm of digital trust.

Specialises in: Privacy & Data Governance

Contact Our Team Today
Your confidential, no obligation discussion awaits.