The two laws take effect on January 1st, 2020, so there’s time for tech firms to build the features into their products.
Some industry groups are anxious about the laws. The California Manufacturers and Technology Association (which includes companies like AT&T, Intel and Honeywell) told Government Technology in a statement that the state was “imposing undefined rules” and had allegedly created a “loophole” that let imported devices avoid the rules. The Entertainment Software Association, meanwhile, claimed that existing laws already covered reasonable privacy protection.
However, that’s not how the politicians see it. Senator Hannah-Beth Jackson, who introduced one of the bills, noted that foreign companies will still have to meet the standards regardless of where they make their devices. This is also about leaving companies to use “best judgment” for security on their own devices, she said.
You probably won’t see devices with airtight security as a result of this. There’s no mandates for encryption, for example. However, that’s not really the goal here. This is more about preventing rookie mistakes, such as connected toys that transmit data with few if any safeguards. Cyberattackers may still get through — they’ll just have fewer obvious targets.