Data privacy has really come to the forefront of the national conversation over the past several years, as the many missteps by big tech when it comes to protecting consumer data seemed to happen with more frequency. As consumers have gotten so used to “free” tech services such as Google, Facebook, Twitter, and many others, it’s worth noting that old proverb: If you aren’t paying for the product, you are the product. 

A significant new law that aims to help consumers control their “product,” (i.e. data), went into effect this week: the California Consumer Privacy Act. We’ve written before about how this law seeks to emulate similar statutes from around the globe, such as the EU’s GDPR, which gives consumers the right to control how their data is used by private companies. 

The new California law applies to businesses that gross annual revenues of more than $25 million; buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices in California; or derive 50% or more of their annual revenue from selling consumers’ personal information, per CNBC. 

It will be interesting to see if this is only the first in a new wave of data privacy laws.