The California Consumer Privacy Act is a new privacy law that came into effect on January 1st, 2020. According to the law, companies are required among other things to inform users of their intent to use the individual’s personal data for monetization purposes with the option of opting out of the same. If consumers choose to opt-out, businesses must comply.
Key objectives of the act include:
- Allowing residents of California to have more control over their personal data. They are also more aware of what information about them is being collected, to whom it’s being sold, etc with the right to deny the permission for sale and even removal of data if necessary. They are still liable to receive equal service and price even if they acted in resistance against the monetization of their data.
- Treating residents in a fair manner and not subjecting them to higher prices or poor service as a result of their privacy choices.
- Providing an extra layer of protection to minors by restricting businesses from selling data of consumers under 16, unless authorized by the minor or their parent.
How did the CCPA come about?
According to state law in California, citizens can propose new laws through a ballot initiative by securing enough signatures on a petition. Once approved, these initiatives become laws and cannot be amended. In 2018, a petition urging the government to consider drafting a privacy act collected 629,000 signatures.
The CCPA was passed in seven days, just before the ballot deadline closed and it came into being officially.
How does the CCPA define “personal information”?
The law takes a broader approach with regards to what it defines as “personal information” unlike the EU’s General Data Protection Regulation (GDPR). Some of it is listed below:
- Identifiers such as a real name, alias, address, email address, social security number, license number, passport number, or similar identifiers
- Commercial information including property records, product purchases, and other consumer histories and tendencies
- Biometric data such as fingerprints and facial recognition data
- Professional or employment-related information
- Geolocation data
- Internet or network activity data, such as IP addresses, browsing history, search history, and interactions with online sites or advertisements
Pros and Cons?
Currently, both customers, as well as businesses, are conflicted. On the one hand, platforms such as Spotify require a lot of personal data to serve effective advertisements. With the effect of the CCPA, advertisers will pay less per impression which forces Spotify to increase its subscription fee for customers. This is not a win-win situation for both parties.
On the other hand, large tech giants who have a history of misuse with personal data now finally have a watchdog to keep them in check should they ever try to do something similar in the future.
Another problem that arises is the extra costs that will be burdened on the consumer. Eric Goldman, a professor and co-director of the High Tech Law Institute at the Santa Clara University School of Law in his chat with Vox Media stated that “Few consumers will ever take advantage of the rights created by the statute, but all consumers will implicitly pay more to help businesses cover their CCPA compliance costs.”
With the advancements in the digital world, data has become a precious commodity that if misused, can lead to catastrophic situations. Government laws are a step forward in protecting the rights of consumers and creating an environment of security and responsibility.