New Consumer Privacy Act to Take Privacy Protection in California a Notch Higher
No consumer really knows the exact amount of data that companies collect about them online at any particular time. It is nearly impossible to determine exactly what information is collected and how it will be used. This has always been a sore spot with consumers. Everyone enjoys the convenience of shopping online. Up to now, there has never been a way to control how your personal information is collected, stored, or used.
In California, this is about to change. With the recent passing of the California Consumer Privacy Act (CCPA), consumers will now have some control over this.
The law, which goes into effect January 1, 2020, is designed to empower consumers with knowledge about how their personal information will be collected, used, and stored.
To break it down, here are the rights that the California Consumer Privacy Act, also known as AB-375, gives the residents of California:
- Knowledge about the kind of personal information that companies are collecting about them.
- Knowledge about whether the information collected about them is getting sold or disclosed to some other entity. The law entitles Californians to know the identity of the party obtaining their data from the original collector.
- Consumers can refuse the sale or disclosure of their personal information.
- They can gain unrestricted access to their personal information in its “readily useable format” that makes it viable for transfer to third parties.
- They can still enjoy equal services and prices even when they exercise their privacy rights. Companies can’t charge more or decline services to a consumer who wants to obtain information about how their information will be used.
Working Toward Stronger Consumer Privacy Protections
The creation of the California Consumer Privacy Act is the culmination of a move to address growing user privacy concerns and the continued rise in data breaches in many parts of the country.
In particular, the law explicitly attributes its genesis to the major privacy scandals witnessed in recent months, including the incident where Cambridge Analytica misappropriated Facebook user data of at least 87 million people. It is against this backdrop and other similar news that the law gained much of the political impetus that drove its successful passage.
The passage of this law comes on the heels of episodes of intense negotiation especially from US tech giants and leading internet service providers. The discussions also brought to the table various privacy advocates, a number of technology startups, and other concerned parties.
Many have described this new piece of legislation as a landmark policy that constitutes the most rigorous consumer data protection regime in the US. It is joining the likes of the Canadian Anti-Spam Law (CASL) and Europe’s General Data Protection Regulation (GDPR) which constitute part of a global movement toward greater data transparency and stronger protections around consumer privacy.
What Sets CCPA Apart?
First, compared to the GDPR, which continues to have an extensive influence across the globe, the California law exclusively applies to the State of California and its residents, not the entire United States of America. But considering that California boasts a population of 40 million, it’s only likely that every company involved in collecting user data in the U.S. will be affected by this law.
While GDPR requires that by default, businesses opt out of collecting consumer data unless the consumer gives them the explicit rights to do so, the California Consumer Privacy Act does not impose such a requirement. It doesn’t require companies to seek people’s permission to collect their personal information from the get-go. The legislation is rather focused on empowering consumers to have a say over their privacy and the collection of their personal information.
For the rest of the US, there is a separate bill in the pipeline, AB-2546, that is set to amend California’s anti-spam law in a bid to strengthen its provisions. As it is, this law will not be limited to the State of California, but rather, will have a sweeping effect throughout the United States of America.
Who Is Affected By This Law?
According to the text of the California Consumer Privacy Act, companies that fit the following criteria will have to abide by the provisions of the new law:
- Businesses that are involved in brokering data, as well as those that buy the data, sell, or share the personal information of approximately 50,000 or more individuals, devices or households.
- Companies whose annual revenue mostly comes from the sale of consumer personal information.
- Businesses that have at least $25 million in annual gross revenues.
Failure to abide by these provisions would attract legal action against the errant companies – with the cost of damages stipulated to be anywhere from $100 to $750 or higher. With California law in effect, citizens have the right to bring a civil action against any business that operates in violation of the law.
The law also allows the state of California to bring charges against errant companies directly. In such a case, the fines levied will be $7,500 for every violation that remains unaddressed within a 30-day window.
The cost of violating the California Consumer Privacy Act can be significant. Companies that are bound by this piece of legislation must obey it or run the risk of paying huge fines. Both government and consumers will be on the look-out to see whether companies will adhere to these new regulations or run the risk of being fined. An even greater penalty, companies that refuse to abide by these regulations may damage their reputation and lose the confidence of consumers.