Earlier this year, Facebook and political consulting firm Cambridge Analytica infamously started a seemingly boundless conversation about online privacy and data privacy laws. The scandal revealed that the firm collected personal information of over 80 million users and sold them to third parties. Now experts and consumers recognize that online privacy is not just a luxury but a fundamental human right. As a response, the European Union in May implemented the General Data Protection Regulation (GDPR), which aimed to help individuals regain control over their personal data, and to further simplify the regulatory environment for international businesses.
Stateside, California lawmakers in June passed the California Consumer Privacy Act of 2018. It is a consumer-centric bill that gives individuals command charge over the handling of their personal data.
Protecting Online Privacy via CCPA
Like the GDPR, the CCPA aims to protect California residents from any threats of data breaches. Lawmakers rushed to pass the bill to bump a November ballot initiative that would have included stricter rules. On June 28, 2018, Gov. Jerry Brown signed the CCPA—just hours after the State Assembly and the Senate unanimously approved it. This then gives the bill more runway for amendments by lawmakers and other stakeholders. The law will take effect in 2020.
The CCPA details its three important pillars:
- Consumers have the right to request businesses collecting personal information to disclose everything they know about them.
- Consumers have the prerogative to request businesses to delete any personal information collected from them and opt out of databases.
- Businesses must release information about how individuals’ personal information was obtained and to whom they are sold.
The CCPA gives consumers complete control and ownership of their personal information. As a result, they will know how their information is used and sold in California and beyond. Businesses, however, can offer incentives to consumers who give their consent to provide their personal information.
As the bill was drafted quickly, given the runway, experts are calling on stakeholders to amend it comprehensively. In fact, according to a relatively recent report from CNN, Nicole Ozer from the ACLU stated that “effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights.”
Implications for California Businesses
Consequently, this is a wake-up call for everyone in tech companies. Data privacy laws are long overdue, and companies should know how to manage all the consumer data they gather ethically. The bill will require all businesses to comply—large companies, brick-and-mortar stores, as well as online stores. Likewise, small businesses that have collected information of 50,000 consumers must be compliant.
Business costs will subsequently increase for many companies to accommodate information requests and provide incentives to customers for their information. This may not be expedient for many businesses, and implementing new processes will be a challenge. Major tech companies like Facebook, Amazon, Twitter, and Google opposed the bill early on through their lobbying group, the Internet Association. Other tech companies also donated money to a California organization to oppose the bill.
A Blueprint for America Data Privacy Laws
Nowadays, tech companies have transformed their customers into their own products, and advertisers have become the customers. Things we long considered as free, like our social media accounts, veritably carry a tradeoff in terms of our online privacy.
Now there is a privacy movement growing not just in California, or the United States, but throughout the rest of the world. However, there is only so much the public can do to protect themselves from data theft. Data privacy laws and standards will undoubtedly prove to be even more critical in the coming years, and companies must remain entirely compliant to protect their customers’ civil right. Indeed, lawmakers are hopeful that the rest of the country will implement the same law similar to the CCPA in the future, where duty-bound transparency is key in business-customer relations.