How California’s new privacy protections could affect all Americans
In less than 24 hours, Californians ringing in 2020 will be entitled to new privacy protections under state law. At midnight on January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. And while the act is nowhere as sweeping as Europe’s GDPR, the law is groundbreaking for the U.S., which lacks a comprehensive federal data privacy law.
As Fast Company reported at the time of the law’s passage, in 2018, the CCPA weighed in at 31 pages and more than 10,000 words. But since it was “rushed to a vote,” the law “contains lots of vague, confusing, and maybe contradictory language that will fuel many political and legal fights.”
Even so, some things are already clear: The CCPA will introduce new controls and safeguards over the data of California residents (and perhaps other Americans, too), and companies operating in California are getting a taste of what could be the model for data-privacy laws coming down the pike in other states.
The CCPA provides five major protections
Despite the complexity and size of the CPAA, the new law offers Californians five main protections, explains Vox. Though some of those protections are not quite as comprehensive as they may first appear:
Amazon and Walmart must follow the law, but smaller companies are exempt
While the law is set to be an administrative headache for many companies, there’s good news for small businesses: the CCPA will not apply to them. As Yahoo reports, small businesses are exempt from the CCPA if they make less than $25 million in gross annual revenues or have personal data on less than 50,000 customers. (The law applies to any company that makes more than 50% of its revenue from selling customer data.) Companies that don’t follow CPAA rules can be punished by a fine of $2,500 per violation. That fine triples if the company is found to willfully violate the CPAA.
Even if you’re not from California, the law matters
To implement the changes required by the CCPA, companies are updating their privacy policies and creating new links and buttons that direct users to opt-out forms. As Slate reports, some companies may find it too onerous roll out these changes only to Californians, which means that Americans living in other states could also benefit from CCPA. Already, Microsoft has pledged to extend the CCPA’s “core rights” to users across the country.
More of this kind of legislation is coming
Maine and Nevada have already passed their own, less restrictive data-privacy laws. Nearly a dozen other states, according to CNET, are considering legislation to regulate how companies collect and use our data. And they’re surely paying close attention to what’s happening in California.
(31)