Despite being home to some of the world’s largest data-collecting companies, there has been outrage in the United States surrounding data privacy in the wake of the Facebook and Cambridge Analytica scandal. This outrage has prompted lawmakers around the world to push for stronger data privacy laws to protect consumer information. The European Union’s General Data Privacy Regulation (GDPR) was seen as the first major step towards data privacy and has prompted many similar laws in countries around the world, including the United States.
The first of the states to pass such a law is California, the home of Silicon Valley and its many tech giants. The California Consumer Privacy Act (CCPA), passed in July, contains hints of the EU’s GDPR.
The law stemmed from a ballot initiative called “Californians for Consumer Privacy” that gained enough signatures (600,000) to make it onto the ballot. This initiative’s restrictive policies prompted a rushed response from the Californian legislature to establish a better solution. The CCPA was introduced on June 21st and passed into law on July 3rd; the ballot initiative was then withdrawn.
The CCPA grants consumers more control over and insight into the spread of their personal information online. Under this law, consumers have the right to know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it. It gives them the right to have their information deleted and to opt out of having their information shared or sold to third parties. The anti-discrimination provision ensures that businesses give consumers who opt-out the same quality of service. The act further restricts data collection of minors, requiring consent to opt-in and for children under 13, authorization from parents.
The legislation makes it easier for consumers to sue companies after a data breach. It also gives the state’s attorney general more authority to fine companies that do not adhere to the new regulations. Companies are required to address reported violations within 45 days, with an option to extend for an additional 90 days in certain cases. Fines for each violation can reach up to $7,500.
The CCPA will take effect in January 2020. Read more about the initiative here.