9 Burning Questions Regarding California Consumer Privacy Act

Article

.

General Data Protection RegulationsEU GDPRGDPR Software ComplianceBusinessSmall Scale BusinessCalifornia Consumer Privacy ActCCPACCPA Software ComplianceSubject Access RequestsDSARs
9-Burning-Questions-Regarding-California-Consumer-Privacy-Act

Ever since it’s introduction to the world 2 years ago, GDPR has been the prime concern for data experts all over the globe. Now that it’s taken effect and currently wreaking mayhem over large-scale enterprises, it was almost certain that similar laws will be introduced in other countries too. As expected, a new privacy law now known as California Consumer Privacy Act of 2018 was introduced. Later this year, California will be voting on this law which has already earned the attention of Google and Facebook.

Similar to GDPR, the California Consumer Privacy Act aims to educate people. Its purpose is to draw our attention to how much personal information we share with companies and how much of it is shared with the third parties. But this is basically the extent of similarities between the 2 laws.

1. Is it limited to the companies in California?

No. The law is for every company in the world that has customers living in California. If an Indian is visiting New York, the law wouldn’t be covering him/her, but any person that is a resident of California will be covered under this law. With an estimate of 40 million residents in California, it is very unlikely that any company based in any part of US would be able to avert this law. Smaller businesses that collect and/or sell personal information are also covered under CCPA. So any business that processes ‘personal information’ should very concerned about the law.

2. Is it just the United States version of the European GDPR?

Yes and No. Similar to GDPR, the California Consumer Privacy Act aims to give people the right to know what information companies collect about them. But unlike EU-GDPR, the bill wouldn’t necessitate companies or businesses to get consent to collect information in the first place. However, the interpretation of this act is yet to be seen.

3. What exactly falls under the category of ‘personal information’?

It includes all kinds of information. From a person’s name to his ethnicity, every bit of information is considered ‘personal information’. It includes the normal stuff like a person’s mailing address, driver’s license, and Social Security numbers as well as their digital footprints like their IP address. It also covers race, gender, and career information. Let’s say you own a small business that only processes standard details about people, like their name and their E-mail addresses. According to CCPA, you are processing ‘personal information’. You would have to comply with your data subject’s requests under this law.

It would also include web browsing and search histories and any kind of information that defines what a person does on an app or a website. E-commerce sites like Amazon that use data related to people’s buying habits to provide them recommendations will be particularly affected under this law.

4. What does the law require from the companies and businesses?

Only if a California resident asked to know, companies are required to inform the person, what kind of information they are collecting. If the company decides to share or sell that information to a third party organization, they are required to tell the person in question, but only if that person asked. Then if the company decides to sell that information to a third party “for business purposes”, the consumer has a right to ask the company to stop selling it. The person can also ask which types of information were sold or shared, and to whom. The company is legally required to honor these requests.

The same goes for all the small and medium scale enterprises that collect, process, share or sell people’s personal information that is resident in California.

5. So a company can keep collecting and sharing a person’s information as long as it complies with that person’s requests?

Yes. As long as the company or the business complies with that person’s request to be informed and the request to stop the flow of information, they can keep collecting and sharing that person’s information.

For instance, let’s say that you run a small scale travel agency in Australia. You often have customers from the US and California and you process details like their name, E-mail, residential address, and phone number. Now you decide to sell or share that information to hotels in Australia for business purposes. Now you are allowed to do that, up until the moment that person asks you to stop doing that.

Every business processing private information will be receiving a lot of requests from customers. Handling so many requests (All of which are mandatory to comply with) is very difficult for businesses and the penalties are high. This is exactly the problem, YourSafeHub is made to deal with. Implement YourSafeHub in your organization to handle all these requests with ease, within legal timeframe.

6. And even if a company sells a person’s information and that person asks it to stop, the company can still collect that information?

Yes. The person has a right to stop the company or the business in question from sharing or selling his/her information to the third parties. But that doesn’t stop them from collecting the information for themselves.

7. What do the big tech companies like Facebook and Google think about it?

Both Facebook and Google are reportedly opposing the bill. As a matter of fact, all the big tech companies like Facebook, Google, AT&T, Comcast, and Verizon have donated $200,000 each to the ‘Committee to Protect California Jobs’. It is an organization that is trying to oppose the bill. All the big tech companies either rule or want to rule the digital advertising industry. By using people’s personal data, they target them with ads that best suit their personality traits. So they provide exactly what the person want and get maximum click-through rates in the process.

8. Is this an anti-ad targeting bill?

Not according to Alastair Mactaggart, Campaign Chair, Californians for Consumer Privacy. He said, “We still allow advertising, and we still allow targeted advertising,”.

9. So if this isn’t about targeted ads, then why are all the big tech companies opposing the bill?

Good question. To our understanding, it’s not just the targeted ads, but a whole lot of legal complications that these companies will be facing if this law is passed. In order to provide quality results, these companies require a boundless environment. The law will be restricting the industry in many ways that are yet to be interpreted. That’s the reason for them to oppose the bill.

Summary:

We at Aquevix think that all these privacy laws are going to be more and more rampant. Consumer privacy is a growing concern all over the world and laws like European GDPR and American CCPA are just the beginning. Pretty soon, laws like these will exist all over the world and every business needs to prepare for that. Every business processing private information will be receiving a lot of requests from customers. All of which are mandatory to comply with. Handling so many requests is very difficult, especially for small-scale businesses that have customers in California. This is exactly the problem, YourSafeHub is made to deal with. Implement YourSafeHub in your organization to handle all these requests with ease, within legal timeframe.