California’s New Data Law Will Show Us if We Really Care About Privacy
By: Ryan Hatch
On New Year’s Day, a new law, the California Consumer Privacy Act (CCPA), quietly went into effect across the Golden State. The law gives 40 million California residents the right to know what’s happening with their personal online data (what data is being collected, and if and where it’s being sold), to access any and all information a company may have, and, finally, to opt-out of such collection and selling without punishment like slower services or higher prices. California is the first state to enact such a law, similar to The General Data Protection Regulation (GDPR) implemented in Europe, in 2018, a sweeping measure that offers general data protection for all EU residents and marketed as the “right to be forgotten.”
The CCPA has received backlash from a few angles. Consumer advocates say there remains too much onus on users to extract data and information from companies — who, one wonders, has time to keep tabs of one’s data and behavior across dozens of websites? Who has the energy to navigate different user interfaces and read pages of legalese? Who, once there, knows the right questions to ask? And companies aren’t thrilled either, but for different reasons; their guns are drawn to keep the World Wide Web the Wild West. The job hosting site Indeed tells users, “at this time, we are not able to provide our core products and services without these [data] transfers. However, you can still use Indeed to find and apply to jobs to the extent that you wish!” It’s unclear if this stance violates the CCPA. Facebook, with its 2.3 billion worldwide users, also takes issue with CCPA, claiming that its business isn’t in selling data, simply “sharing” it, so, it says, the new law doesn’t apply to 1 Hacker Way. It’s also unclear if this argument will hold. On top of everything, it’s yet to be seen how stringently the attorney general’s office in California enforces the law, if at all.
If looking for precedent, GDPR has already levied some big penalties: Last summer, Marriott and British Airways were hit with $123 and $230 million fines, respectively, for data breaches.
Still, almost a month since CCPA passed into law, most digital companies seem to be playing nice, at least publicly (are you getting all those emails…
