Principles of Data Privacy in California: A Study and Open Data on Industry Reactions to CCPA
Prifina has conducted a major comparative analysis of the comments and suggestions submitted by various stakeholders on the proposed Regulations for the implementation of the CCPA (California Consumer Privacy Act).
The CCPA is part of a broader set of proposed regulations, such as GDPR, that give individuals rights to access their own personal data, based on which Prifina develops tools that bring the individuals personal data to their own control and personal cloud. Based on this revolutionary framework, new types of software applications can be created by anyone and offered directly to individuals where their data is always under their own control.
Considering the number of comments submitted as well as the sophistication of insights provided therein, Prifina saw this as an opportunity to harness that information into a more structured, industry representative format, where software developers and other stakeholders can get more information as they build new, personal data apps. Therefore, Prifina undertook the effort to categorize and organize the CCPA comments submitted by various stakeholders and release it to the public domain.
The full report and open data set are publicly available.
In total, 262 organizations and individuals submitted their comments and suggestions on the initial draft of the Regulations during the first public consultation period (Oct. 11 — Dec. 6, 2019).
The reaction from the industry created a wealth of insights with regard to the possible implementation of the CCPA and it’s adoption. Therefore, the Prifina team decided to collect and consolidate the suggestions and feedback submitted by various individuals, non-profit organizations, businesses, and industry representatives into one concise document and dataset.
Practical Utility of Prifina’s Study
The aim of this Study is to provide a useful resource for any party that has a vested interest in the regulation of data privacy matters in or outside California, and moreover the overall development of the data industry.
This Study provides a concise synopsis of the main issues that have been raised by various stakeholders during the process of the adoption of the CCPA and its implementing Regulations (the adoption of which is still pending).
In particular, this study can be useful in order to:
- Understand interests of various stakeholders (consumers, financial services institutions, businesses, governments, etc.);
- Understand the interface between the underlying technological foundations and challenges that arise in exercising data privacy rights;
- Learn about the trends in regulating data privacy. E.g., stakeholders motivations to develop bottom-up approaches in establishing industry-wide default notices and technologies that facilitate compliance with CCPA requirements.
- Get insights into Prifina’s main activities in building user-centric, user-held data ecosystem.
Mapping the Stakeholders and Their Interests
Prifina attempted to summarize those ten main themes in the “Data Privacy Infographics” (see below). Each of the ten domains contains a number of themes. An in-depth investigation of the comments submitted by 262 stakeholders helped identify which themes are more important to the different stakeholders.
Main Themes in Data Privacy
Having carefully examined the comment papers submitted to the OAG’s proposed Regulations, we grouped the issues raised by various stakeholders into ten major categories. These ten themes form the foundation for the Data Privacy Infographic:
- The scope of the CCPA and Regulations
- Definitions
- Notices and privacy policy
- Handling consumer requests
- Verification of consumers and necessary security measures
- Issues pertaining to the sale of data
- Value and valuation of consumer data
- Problems arising with regard to data practices involving minors and households
- Training employees and record-keeping
- Issues related to the enforcement of the CCPA, compliance and effective date of the Regulations
The Future: User-Centric, User-Held Data Models
Prifina sees how the data privacy ecosystem is shifting towards a user-centric, user-held data model. There are three noticeable and fundamental developments taking place in the field of personal data.
First, the adoption of new data privacy laws on different continents reflects an increasing interest in, and concern for, data privacy by lawmakers, politicians, and society in general.
Second, those new legal requirements result in increased costs for regulatory compliance which prompt businesses to look for alternative ways to obtain information about their customers.
Third, technological advancement has accelerated at an immense pace in the past few years: data processing technologies have reached a level of maturity where decentralized data management models have become feasible.
All of those changes that are happening in the market serve as weathervanes and indicate that we are moving towards a user-held, user-centric data privacy model. The major characteristics of the user-held, user-centric data model are depicted in the image below: the individual is at the center of the data ecosystem and the individual user has a master-copy of his personal data.
It goes without saying that one of the main premises and conditions for the functioning of a user-held, user-centric data ecosystem is data interoperability and portability. In order to facilitate data portability between services, Prifina has been building a community of developers, technology, and data privacy experts.
In the final part of the Study we outline the legal and technological landscape may look in the user-centric, user-held data ecosystem.
You can download the full report here.
To get access to the full set of research tools, including the spreadsheet with all industry data collected, please join the #Research channel on the public Liberty. Equality. Data. Slack.
You can also follow more about our research on Prifina’s website.
Connect With Us and Stay in Touch
Prifina is building resources for developers to help create new apps that run on top of user-held data. No back-end is needed. Individual users can connect their data sources to their personal data cloud and get everyday value from their data. Follow us on Twitter, Medium, LinkedIn, and Facebook, or listen to our podcast. Join our Facebook group Liberty. Equality. Data. where we share notes about Prifina’s progress. You can also explore our Github channel and join us at Slack.
