“If people just understood how much we knew about them, they’d be really worried.”
The above quote, pulled from the Californians for Consumer Privacy website, served as the catalyst for the California Consumer Privacy Act, or CCPA. Effective January 1, 2020, the CCPA gives consumers in California control of their personal information by imposing compliance requirements on entities that collect data.
What is the goal of the law?
It’s no secret that many organizations collect and profit from consumer personal information by selling it to third parties, sometimes without the consumer’s consent or knowledge. The CCPA aims to change that with an initiative based on three principles (source):
- Transparency: consumers should be able to know what personal information companies collect about them, their children, and their devices, and to whom that data is being sold.
- Control: consumers should be able to tell companies not to sell their personal information, and companies shouldn’t be able to retaliate against consumers who exercise this choice.
- Accountability: after all the massive data breaches in the last few years, the CCPA allows consumers to hold organizations accountable if they fail to take good care of personal information.
To whom does the law apply?
The CCPA applies to for-profit organizations, both online and brick-and-mortar, that conduct business in California, whether they are located in California, a different state, or even a different country.
The organization must also meet the following requirements:
- An annual gross revenue over $25 million
- Possession of the personal information of 50,000 or more consumers, households, or devices
- More than half of its annual revenue must be earned from selling consumers’ personal information
How does the law define personal data?
The California Consumer Privacy Act defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Examples include:
- Full legal name
- Current and past home addresses
- Biometric data
- Internet protocol address
- Email addresses
- Account names
- Social security number
- Driver’s license number
- Passport number
- Employment data
- Geolocation data
- Internet or other electronic network activity
What rights do consumers have under the California Consumer Privacy Act?
The official CCPA website details consumers’ rights. In short, the act is expected to accomplish three main goals:
- Allow consumers to know what personal information organizations are collecting.
- Give consumers the right to opt out and prohibit organizations from sharing or selling information.
- Empower consumers to take legal action against organizations that suffer a data breach.
The law also requires data collectors to provide a link on their website that enables individuals to opt-out of the sale of their personal information. Children between the ages of 14 and 16 must manually opt-in, and a guardian or parent must opt-in on behalf of children under 13.
Why does the California Consumer Privacy Act law matter?
While the benefits only apply to residents of California, the CCPA sets new standards for consumer privacy. If successful, it could inspire other states to impose similar regulations on data collectors and give consumers control over their personal information. After all, every single one of us deserves to know who is collecting our data, and who that data is being shared with or sold to. Those rights become a reality under the CCPA and hopefully, it will one day be the standard nation-wide.
Latest posts by Justin Bonnema (see all)
- Tis the Season for Holiday Shopping Scams - December 11, 2019
- iPhone Privacy: It’s Not That Simple - November 7, 2019
- California Consumer Privacy Act: What it is and Why it Matters - October 25, 2019