California Data Privacy Law Takes Effect

The California Consumer Privacy Act, which protects consumers’ privacy rights, went into effect on Jan. 1, 2020. The CCPA was originally passed in June 2018, in compliance with the California State Constitution’s guarantee of both privacy rights and consumer protection.

The CCPA legally protects consumers by granting them the right to “request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared,” according to the Legislative Counsel’s Digest of the bill.

This act gives consumers not only the right to access information about how their private data is used but also authorizes them the legal right to reject a business’s ability to use their private data, to request the deletion of their data, and to protect them from any discrimination which may arise from enforcing these rights.

The act was introduced by Assemblymember Ed Chau and State Senator Robert Hertzberg. The act is a protection of the “inalienable” right of privacy stipulated by an amendment made to the California Constitution in 1972. 

The bill was enacted under the general environment of widespread use and misuse of personal data in California. The range of personal data handed to the businesses could include one’s birthday, age, background, or even more detailed private personal information such as one’s average driving speed and list of online purchases. The provision of user information is often made violating the privacy rights of the subjects whose data is gathered from.

The CCPA is by far the strictest and most comprehensive privacy law passed in the United States to date. The law covers businesses and agencies who gather personal information of over 50,000 people each year and those whose annual financial revenue amounts to over $25 million. 

Since the act has been enacted, many large technology corporations have responded by providing their users with information on how their personal data is used. Microsoft, for example, set up a privacy dashboard where users can access the data collected by the service provider, understand how this information is used, and grant or remove the permission for the company to access this data.

Facebook, who was previously caught in the whirlpool of private data leak and data misuse by Cambridge Analytica, now also provides privacy protection service that allows users to download a copy of their own data from the website. 

While CCPA only pertains to California, companies who now provide information on personal data have also extended the service to all of their users, without differentiating where a user resides. 

As a precursor to the enactment of CCPA, the European Union came out with the General Data Protection Regulation in 2018, which also addresses the use and transfer of personal data and grants users similar powers to those outlined in the CCPA.

As companies comply with the law, there are still many challenges faced by corporations, such as limited implementation time and the building of the technological infrastructure to process the amount of personal data that they have collected.

Photo courtesy of Wikipedia.