California on Thursday passed a strict new law aimed at protecting people's privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.
The bill, signed into law by Governor Jerry Brown, followed in the spirit of the General Data Protection Regulation, which recently took effect in Europe.
The legislation cut off an initiative that is heading for the ballot in this state in the fall.
UK watchdog orders Cambridge Analytica to hand over American's personal data
It was crafted to ensure rights including knowing what personal information is collected by companies on the internet and whether it is sold, and to whom, according to the bill signed by Brown.
The law also gives people a right to 'say no' to the sale of their personal information, and calls for them to be treated the same as anyone else online if they opt to restrict use of their data.
Internet businesses that receive 'verifiable' requests by people to have their data deleted will be required to do so, with a list of exceptions that include keeping what is needed to complete transactions, detect security breaches, or protect against illegal activity.
'A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer's personal information,' the legislation said. "This right may be referred to as the right to opt out."
US net neutrality rules expire
Business home pages will be required to provide 'clear and conspicuous' links titled 'Do Not Sell My Personal Information' that take people to opt-out pages.
People whose personal information is stored unencrypted and not sufficiently protected were also give the right to pursue civil claims.
The shift both in Europe and California came after the harvesting of Facebook users' data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.