Now California officially has the strongest privacy data protection in the US.
To kick off the new decade, the golden state, decided to go big 2020 with the California Consumer Privacy Act that goes into effect 1:sto f January. It’s the first law in the US with a comprehensive set of rules around consumer data, similar to the European General Data Protection Regulation, GDPR.
Now the law is officially in power in California, the world’s fifth-largest economy. For the average internet user in California, life will not be radically different. Depending on how it’s enforced, its impact could though make the USA start taking privacy seriously. Companies will need additional transparency regarding how they utilize the personal information of their clients. This includes things like the categories of information collected, its source, its purpose, any third parties accessing it and specific pieces of information the business collected about the consumer.
The California Consumer Privacy Act (CCPA) is limited to all companies that operate in California and either:
1) Makes at least $25 million in annual revenue,
2) Gathers data on more than 50 thousand users, or
3) Makes more than half its money off of user data.
For California residents, it creates a handful of new rights over their data. The most significant categories are “the right to know” and “the right to say no.” That means users will be able to see what data companies have gathered about them, have that data deleted, and opt-out of those companies selling it to third parties from now on.
We’re not just talking about Google and Facebook, but any big company that does a lot of business online—which are to say, any big company.
The legislation targets five key concerns when personal information is collected:
Right to know what personal information is being collected
Right to know whether personal information is sold or disclosed, and to whom
Right to say “no” to the sale of personal information, including deletion of data
Right to equal service and price
Right to access their personal information
While this legislation has several similarities to GDPR, it’s not exactly the same. The need to inventory and deal with sensitive personal information is the same. And companies need to comply with people's requests to see what information exists about them, and if desired to be deleted in the data systems if no consent or need exist.
Many Californian companies already have processes allowing European users to delete their data thanks to GDPR, which laid some groundwork for the CCPA. Some platforms, including Facebook, have to build new tools allowing users to exercise the rights that the CCPA now guarantees to California residents.
The final regulations of the law haven’t been released yet and the state won’t start enforcing the law until July 1. The law grants Californians the right to sue companies for failing to take reasonable precautions to prevent data breaches. Even if the question if enforcement will be robust enough for the law to really make an impact It seems certain that privacy is here to stay.
Tomas Hultgren
ContentMap
Here we write some short summaries on technologies and businesses that we think are interesting around our area. You are most welcome to comment or suggest changes. Many thanks, ContentMap team.