High-profile data breaches that compromise sensitive user information have become a common sight in newspapers. For example, US credit bureau Equifax suffered a security breach in 2017 that resulted in stolen personal information that includes the social security and credit card numbers of hundreds of millions of individuals. Such instances have made data privacy a major discussion point for consumers and business executives alike. Many have also become wary of tech companies and what they’re doing with user data, especially after a whistleblower told major US publications that the data analysis firm Cambridge Analytica used personal data from millions of Facebook profiles to help elect US President Donald Trump.
This is why the passing of the California Consumer Privacy Act into law is monumental and can drastically affect how companies in Silicon Valley interact with sensitive user information. The new California privacy law is set to take effect in January of next year and will subject US companies to stringent privacy regulations.
The California Consumer Privacy Act explained
The California Consumer Privacy Act also known as AB 375 was signed into law on June 28, 2018. The act gives Californian consumers data protection from companies. This includes:
- The right to know if their personal data is being collected, what categories are being collected, and for what purpose.
- The right to prohibit businesses from selling their personal information.
- The right to access their personal data.
- The right to request the deletion of their personal information if it was collected from them.
CCPA covers businesses in California and every business that collects and sells personal information of a Californian consumer. The businesses must also meet at least one of the following criteria:
- Have an annual gross revenue of $25 million dollars or more
- Process personal information of more than 50,000 consumers or devices for commercial purposes
- Earn 50% or more of their annual revenue from selling personal data
A Win for Consumers
As previously mentioned, the new privacy law in California includes a number of data rights that will greatly benefit online users. In a nutshell, the CCPA requires companies to be more transparent to their consumers. This is a welcome development as tech giants have notoriously collected an alarming amount of consumer data and used them for different commercial reasons.
Companies will now have to be clear and direct about what and why data is being collected. Most importantly, they cannot sell personal information without permission. This gives consumers better control of their data, which was previously being processed in various ways without their knowledge. This also helps ease their worries about their privacy. In addition, consumers can now sue companies and hold them accountable in the event that the collected personal information was stolen, compelling enterprises to implement stringent security solutions to protect sensitive user data.
Companies Lobby Against CCPA
The largest tech companies like Google and Facebook are located in Silicon Valley, California. Naturally, these tech giants are lobbying to change the CCPA’s provisions as they will be the most affected by the law. Currently, they are exerting all their efforts to push for amendments that will not force them to change a huge part of their business and use plenty of resources just to ensure compliance. Companies that fail to comply will be subjected to costly penalties. Noncompliance can cost companies up to $7500 per violation.
Business executives including Amazon’s Jeff Bezos signed an open letter urging Congress to instead pass a consumer data privacy law that would establish a national privacy framework to enhance consumer protection. The said framework is developed with the help of companies across various sectors.
While CCPA is designed to be beneficial for consumers, companies should pause and consider the potential benefits that the law can also give them, especially if legislators will refuse to make amendments. After all, making consumers happy and satisfied must also be their priority. Large enterprises can leverage their CCPA-compliance to attract new consumers outside California. Following the stringent regulations of the law means that their company has built a robust security perimeter and has put a premium on data privacy and protection. With the increasing number of data breaches around the world and data privacy becoming a major concern for almost every online user, compliance with strict data regulations should make a good impression.
There’s still a couple of months before the CCPA C deadline, and with large enterprises still lobbying against the law’s provisions, it will not be surprising if there would be changes in the regulations. However, Californians should still feel happy as the privacy law is already a huge win for the consumers of the state. CCPA gives them unprecedented control over their online data. Americans outside the state should also be hopeful. Other states historically tend to follow California’s legislations, and we may see similar privacy regulations enforced in the entire country.