Prifina’s Comments on CCPA Regulations
California is paving the way to create a new consumer private data protection framework in the world.
The California Consumer Privacy Act (CCPA) which was enacted in 2018 provides California residents a number of rights, in particular: right to know what data businesses have about their consumers, rights to request to provide access to that data; rights to request the business to delete certain private data about the consumer; and, most importantly, right to opt-out from sales of consumers data.
The CCPA will become effective on 1 January 2020. In order to streamline the enforcement of the CCPA, Californian legislator mandated the Attorney General to draft a set of Regulations which would clarify what steps and measures business has to take in order to comply with the requirements of CCPA.
Recently, the Office of the Attorney General published the draft of the proposed Regulations that establishes procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply. As a part of the legislative process, the Office of AG provided an opportunity for the public to offer comments and suggestions on how to improve the proposed Regulations. Last week, the Office of the AG held four public hearings in Sacramento, Los Angeles, San Francisco, and Fresno.
It is not a secret, that the CCPA causes many compliance-related challenges to California-based companies. They claim, that the CCPA lacks specificity, that the costs of compliance are unreasonably high, and that some of the most important notions such as the notion of “sale” of customers’ data are too nebulous. On the other hand, consumer rights advocates applaud to the fact that this new law is coming into force.
Public Hearings in San Francisco
Prifina team attended the public hearings in San Francisco. Several hundred individuals attended the session, which was filled with emotions, noticeably different approaches between business lobbyists and the consumer-rights advocates.
There should be no debate about data privacy and what they should mean. Data privacy is a fundamental right, not a privilege, or a premium.
Some consumer rights advocates argued that pay-for privacy data models should not be tolerated; and that there may be many unintended consequences if data privacy becomes a commodity. Another journalist shared his personal experience of how targeted marketing tools on Facebook platform have been used to attract audiences to certain biased information associated with his name, even though he never approved or released such information. A legal counsel of one public utility company noticed that if sharing/selling personal data would be associated with certain discounts, it would lure low-income individuals to opt-in to such data “sharing” models and give away their privacy.
Big media company lobbyists argued that CCPA imposes a set of requirements that are impossible to implement, or that the compliance costs are too high. Small credit union representatives asked to defer the compliance period by two years indicating that their businesses (ca. 15–20 employees) are too small to be able to timely implement the CCPA. And here is one of the “crown-jewels” from the session in San Francisco:
“Let’s face it, this thing [CCPA] was written by a broken robot!”
There were some really insightful comments and suggestions on how to improve and the Regulations as well. One of the comments which quite resonated with Prifina’s current thinking is to bear in mind how data privacy rights can be activated in practice in order to attain data portability. In this regard, it is important to examine how customers actually deal with tools that help manage their data (consent buttons, changing default settings, interacting with various apps).
Prifina’s Comments on Regulations
Prifina team also used this opportunity to offer comments and suggestions to the text of the proposed Regulations. Prifina’s vision is that individuals should own their private data and be able to get superior value out of it. We see major trends in how companies are trying to adopt new approaches that help them get better data directly from individuals. We believe that CCPA is a great stepping stone towards the user-centric data ecosystem.
The full Comment prepared by the Prifina team can be viewed here:
The comments have been also made public on California Attorney General’s website dedicated to CCPA (linke to the file is available here).
Connect With Us and Stay in Touch
Liberty. Equality. Data.