California Seeks to Change Default Online Privacy Settings

Published: May. 24, 2011

Updated: Oct. 05, 2020

An amended version of the Social Networking Privacy Act (SB 242) dropped in the California legislature last week, and the bill seeks to wrest control over how social network users’ default privacy settings are configured, and when those users are presented with options to change them, away from the sites and replace it with a system that California deems better for users. 

The primary features of the bill include:  1) forcing sites to impose a default privacy setting that prohibits the public display of any information other than a user’s name and city of residence; 2) requiring sites to create a process for users to select their privacy settings as part of the registration process and prohibit registration until a user chooses their settings; and 3) mandating that sites honor users’ requests (or the request of the user’s parent if the user is under 18) to delete their personal information within 48 hours.  The law would have teeth.  Sites that willfully and knowingly violate the law would face a civil penalty of up to $10,000 for each violation.

Not surprisingly, the bill has met staunch resistance from a coalition of major California-based internet companies and interest groups, all of whom reasonably assert that consumers should be free to make their own choices about their privacy settings (and do so after they understand how a given site works) rather than have California dictate when and how to make them.