The California Consumer Privacy Act just got into effect last Jan. 1, and it looks like no one, even the California state itself, is completely ready. Draft regulations for the laws' enforcement are still under finalization at the state level, and questions on particular aspects of the most far-reaching privacy regulation since the European Union's General Data Protection Regulation (GDPR) remain unclear.
In an article on The Verge, Reece Hirsch, co-head of the privacy and cybersecurity practice of Morgan Lewis, said, "If you thought GDPR was bumpy, the CCPA is going to be a real roller coaster." Additionally, Hirsch has also been advising its clients to adapt to this new regulation. This, she emphasized, "is a complex set of new rules, which are still a work in progress." Here's the bottom line of CCPA: If a company purchases or sells data "on at least 50,000 California residents every year, there is a need for it to disclose what the company is doing with the data." Residents, on the other hand, can request the firm not to sell it.
Aside from requesting not to sell, consumers (the California residents) can also request firms bound by CCPA, to delete the personal data they gathered. More so, as reported by The Wall Street journal, websites that have "third-party tracking are supposed to add a 'Do Not Sell My Personal Information'" button that once clicked, prevents the site from sending information about the customer all third parties which include advertisers.
CCPA Compared to GDPR
In spite of the handwringing before the deadline in 2018, the official acceptance and implementation of GDPR went flawlessly as anyone would expect it. Incidentally, Google, and Facebook are already dealing with billion-dollar lawsuits over suspected violations of the GDPR. However, it will take many years before these lawsuits are closed. And, until then, small firms need to have only a scrambled sense of how they might be susceptible to the role. More so, compliance continues to be, as described on The Verge, "something of a puzzle."
Nevertheless, the CCPA is possibly to be an even greater challenge in terms of compliance. It is the first comprehensive legislation in the US to provide the consumers with control on the manner their personal information is utilized online and may indicate how the rest of the states will search for protection of the privacy of their residents. This was also according to Hirsch, who added, he is advising consumers not just update their respective privacy policies but create procedures for the retention of copies of any personal information gathered about them, as well.
How Most Major Industry Players Take the CCPA
Common Sense (a children's privacy advocacy organization) CEO James Steyer said he thinks most companies "are making good-faith initiatives" to comply with CCPA. Relatively, Microsoft announced in November. It was planning to implement CCPA's provision, not just in California bot for all consumers, as well. More so, major industry players, according to Steyer, view the CCPA as "being their long-term interests" since it will develop more trust among the consumers.
In connection to this, Hirsh said, it is not completely clear what the state is using in defining the word, 'sale' of consumer information. He added that the broad definition of the word "is pain on for a lot of businesses" as it possibly includes sharing information for online marketing and advertising." Another issue related to privacy law is the manner a company is going to guarantee it is deleting the right data of the customer without gathering more information to verify them.