The first data privacy act to the US in history arrived on January 1, 2020: California Consumer Privacy Act (CCPA). It goes even further than the GDPR (General Data Protection Regulation) that went into effect in the EU in 2016.
The CCPA does a few very important things to protect you and preserve the rights to your data. It requires that business operating inside California or serving California residents to disclose what sort of data is gathered about the user. California residents will simply have to ask companies if they are processing their data and within 45 days that company is required to supply the data collected about the user. If the company does not comply for any reason, they can be fined heavily for each infraction.
The CCPA is a little different than the GDPR in that users must opt out of data collection, unlike the GDPR where users can choose to opt-in. Additionally, the CCPA only applies to companies that process data on California residents and taken in at least $24 million in annual revenue, hold the data of 50,000 people, or make at least half of their revenue from the sale of personal data. While that hardly applies to every company gathering data, a big upside of the CCPA is that the law gives consumers the right to access or delete their personal data in some situations.
If you don’t live in California, you still may benefit: Many companies are proceeding as if the CCPA is a Federal statute. This makes it easier for companies in the long run to recall and purge data for anyone — not just California residents or those with a California IP address.
The prevailing wisdom is that something like the CCPA will be adopted nationally. This could well be the start of a movement to give the power of a consumers’ data back to them. Large companies like Amazon, Google, Facebook, and even grocery stores, pharmacies (or any store with a frequent shopper program) will be required to disclose consumer data collection and remove said data if the consumer wishes. Eventually we should see that all data, no matter where it is generated from or who collects it, will ultimately be controlled and owned by the consumer.
An intro to the CCPA from PC Mag
NOTE: This Emerging Trends piece is brought to you by CEDIA’s Technology Advisory Council and Technology Application & Innovation department.