California Consumer Privacy Act: What you Need to Know about the Law and its Loopholes
Now that the new year has begun, so too has a new era of digital privacy…at least, in theory.
January 1st, 2020 was the day that the California Consumer Privacy Act, or CCPA, went into effect. Approved back in 2018, the new law is intended to empower consumers by granting them access to, and a certain measure of control over, the personal data that companies collect on them when they visit that company’s website.
Specifically, the law requires companies to:
- Provide citizens of California with access to any and all personal information their website has collected on them if requested (name, age, location, browser history, IP address, etc.)
- Lay out what they have done with said information (stored it, sold it, to whom it has been sold, etc.)
- Delete any or all of the personal information should the consumer so request it
However, not all companies are required to meet the CCPA’s requirements, only those that:
- Earn more than $25 million in gross revenue
- Collect data from more than 50,000 consumers
- Sell consumer data information for more than 50% of their revenue
Now, it’s important to note that the law technically only requires companies to offer these options to their Californian consumers, even if the company itself is not based in California. It does not hold the companies responsible for offering these options to consumers from other locations, but since it would be extremely difficult to implement the options with such a specific range, many companies are simply applying the policy to all their consumers.
While the idea of having access to the information websites collect on us, and the ability to stop them from sharing it with third parties we would prefer not have it, sounds wonderful, the fact remains that individual consumers must still put in the effort to make it happen. Most people don’t even read through privacy policies or terms of service pages to begin with, they simply click the agreement button and continue on without a second thought. The option may now be available, but the work involved to make it happen will likely be more than the average consumers cares to invest.
In order to even access the information websites have on you, consumers will be required to provide personal information to verify their identities, which many have pointed out feels counterintuitive. The potential for hackers to take advantage of this system could provide them with new opportunities to steal sensitive information, which would completely defeat the purpose of what the law was meant to achieve. What’s more, some companies are arguing over what exactly constitutes “selling personal data,” and are trying to argue that their business models do not fall under the law’s definition.
The new law may not be perfect, but for the time being, it must be observed. More laws like it are being debated across the country, and there are sure to be changes in the years to come, but this basic guide should help you navigate it here and now. Remember, you can always find more information on the official CCPA website.