INSUBCONTINENT EXCLUSIVE:
California much-debated privacy law officially takes effect today, a year and a half after it was passed and signed — but it&ll be six
more months before you see the hammer drop on any scofflaw tech companies that sell your personal data without your permission.
The
California Consumer Privacy Act, or CCPA, is a state-level law that requires, among other things, that companies notify users of the intent
to monetize their data, and give them a straightforward means of opting out of said monetization.
California Privacy Act: What you need to
know now
Here a top-level summary of some of its basic tenets:
Businesses must disclose what information they collect, what business
purpose they do so for and any third parties they share that data with.
Businesses will be required to comply with official consumer
requests to delete that data.
Consumers can opt out of their data being sold, and businesses can&t retaliate by changing the price or level
of service.
Businesses can, however, offer &financial incentives& for being allowed to collect data.
California authorities are empowered to
fine companies for violations.
The law is described in considerably more detail here, but the truth is that it will probably take years
before its implications for businesses and regulators are completely understood and brought to bear
In the meantime the industries that will be most immediately and obviously affected are panicking.
Silicon Valley is terrified of
Good.
A who&s-who of internet-reliant businesses has publicly opposed the CCPA
While they have been careful to avoid saying such regulation is unnecessary, they have said that this regulation is unnecessary
What we need, they say, is a federal law.
That true as far as it goes — it would protect more people and there would be less paperwork for
companies that now must adapt their privacy policies and reporting to CCPA requirements
But the call for federal regulation is transparently a stall tactic, and an adequate bill at that level would likely take a year or more of
intensive work even at the best of times, let alone during an election year while the President is being impeached.
So California wisely
went ahead and established protections for its own residents, though as a consequence it will have aroused the ire of many companies based
there.
A six-month grace period follows today official activation of the CCPA; This is a normal and necessary part of breaking in such a
law, when honest mistakes can go unpunished and the inevitable bugs in the system can be squelched.
But starting in June offenses will be
assessed with fines at the scale of thousands of dollars per violation, something that adds up real quick at the scales companies like
Google and Facebook work in.
Adapting to the CCPA will be difficult, but as the establishment of GDPR in Europe has shown, it far from
impossible, and at any rate the former requirements are considerably less stringent
Still, if your company isn&t already working on getting in compliance, better get started.
California new data privacy law brings U.S
