

The California Consumer Privacy Act, widely known as CCPA or AB 375 is one part of the Consumer Privacy Legislation. The CCPA passed into California law on June 28, 2018.Some have described this bill as the “GDPR of the United States.” It empowers consumers when it comes to their private data. And it basically affects most tech companies in California, including Google and Facebook who were both publicly addressed for data violation.
The law does not apply to all businesses. It
primarily addresses data companies and tech giants. And there has been lots of
back-and-forth around it that suggests slight modifications and adjustments
before fully going into effect.
Despite the amendments, CCPA compliance should
be an ongoing activity for companies starting now. As any activity of sales of
personal information will be disclosed for the last 12 months since the start
of the law. which means disclosures will be as early as January 1st, 2019.
Why should I be concerned? The CCPA will be
considered as a benchmark that will likely influence legislation going forward.
And with the strong wave of backlash following recent privacy scandals across
lots of platforms, the new law shows no signs of slowing down, so amendments
will not affect the core concept of CCPA.
The world describes CCPA as the softer version of GDPR. However, it is in no way softer on demands or penalties. CCPA sheds the light on:
● User Control: Users have the choice to opt-out (or opt-in) from sharing their data. Users also have the right to recall their data, to have it erased, and the right to privately sue for damages if a company breaches the mutual agreement. A pending amendment allows for giving users the right to sue for privacy failures.
● Transparency: Users get to know which data is being collected and for what purposes. If data is sold or shared, they should know the full details of the sale. Users are able to know if a company has sold data to anyone in the last 12 months regardless of whether or not the practice has since stopped.
● Data security: companies are subject to fines and lawsuits for any personal information they fail to protect from hacks or misuse (e.g. internal employees looking at data without a business motive).
The law is generally aimed at two classes of businesses:
● Data brokers: companies that make the majority of their revenue by sales of personal information of customers or that trade more than 50,000 records per year.
● Medium-to-large companies: companies with greater than $25 million in annual gross revenue.
This means that the majority of small businesses, including most tech startups, are unaffected.
CCPA | GDPR |
---|---|
Mainly addresses businesses involved in sharing or selling information, with some requirements about the collection of information | Mainly addresses all businesses that
process information, regardless of
selling or sharing information. |
Empowers consumers and
requires businesses to be significantly transparent about collection, use, disclosure and sale of personal information | Empowers consumers and
requires businesses to be significantly transparent about processing personal
data. |
Companies are forbidden from selling personal information if they did not receive consent from
the consumer or provided explicit notices | Companies are forbidden from any sort of use of personal information if they did not receive consent, legitimate interest, contract agreements, vital interests, public interest or legal
obligation from parties involved |
If selling data, companies must give consumers the opportunity to opt out of that sale. | Before any data could be exchanged, companies must give consumers the right to opt in |
CCPA’s most significant trait is allowing for a massive increase in data transparency when it comes to data collection and use. Consumers have the freedom to provide their information in exchange for the services they desire, which means things like giving up an email address before getting access to a whitepaper will no longer be obligatory. More importantly, the law is likely to spread well beyond California and change many practices in the tech industry. Compliance initiatives should start immediately if not already started.
MASS Analytics Team
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.