California’s new privacy law, CA AB 375 or the California Consumer Privacy Act (CCPA) along with it’s attendant modifications and rules goes into effect next week. As companies scurry around to meet the January 1, 2020 deadline, here is some information on what CCPA means to the average resident of California and elsewhere.
While CCPA is still a bit of a work in progress, we need to put a fork in it anyway.
Why is it important?
This is the first time anyone, anywhere in the United States, has any “rights” to their data. While residents of the European Union have enjoyed rights to their data for about 18 months, and the world has not ended. This is a new adventure in the United States.
What Data Does This Cover?
It covers all the things you would expect like drivers license numbers, bank account information and your Social Security number, but it also covers a lot of other information. All biometrics are covered (like your iris scan, fingerprints and DNA). Also your IP address and other identifiers used to track you on the Internet. Even how you smell is covered. Data extracted DIRECTLY from public government records is not covered.
Can I Tell Those Social Media Giants to Delete Me?
You can, but I guarantee that they are going to try and discourage you or fool you. You don’t REALLY want us to delete your stuff – how about if we take your name off it; surely that is good enough. But you can ask them to delete it and they MUST do it.
What if they don’t do it?
The law allows for a $2,500 fine per violation or three times that if it is intentional. But the catch is that fine can only come from the Attorney General and he doesn’t seem that keen to enforce it. He is, however, a politician, so if there is political pressure or if he thinks that attacking some company will help get him reelected, it is game over. The law didn’t give him extra budget or people to enforce it.
What about if there is a breach?
That is a chicken of a different color. If there is a breach, any California resident can sue (or be part of a class action) for up to $750 per person affected, without having to show that they were damaged, or more if they can show that.
Expect there to be a cottage industry of attorneys in California going after breached companies.
Also, this right cannot be waived, so those shrink wrap agreements that no one reads – the ones that ban class action participation or lawsuits vs. arbitration – when it comes to this, they can’t be enforced.
Can I still use Facebook if I tell them not to sell my data?
They might be able to strip down the services, but only to the extent that they can show how much your data is worth to them. If they want to charge you, they also have to show how much your data is worth. Optics being what it is, I doubt very many businesses want the negative PR. They are just hoping that not very many people opt out.
What if I don’t live in California?
Technically you can’t take advantage of the law. BUT, you can see what is in the CCPA documents – what data they are collecting and how they are using it, for example.
Also, some companies are offering CCPA coverage to all residents of the U.S. Microsoft is one of those companies. In that case, the companies are voluntarily giving you the same rights, even though the law doesn’t force them to .
There will likely be a lot more information coming out, so stay informed. This is likely a dawn of a new era.
Unless Congress passes a weak national privacy law which overrides stricter state laws. Congress is talking about this, but it is a very sticky political subject so I am not counting on this. Still, no one is safe while Congress is in session. Source: CNet