California Consumer Privacy Act Becomes Law

The California Consumer Privacy Act (CCPA), the law that lets consumers in California know what data about them is being collected, where it would go, and if companies can receive permission from California consumers for it, is now live in California.

A new consumer protection law

Authored by Assemblyman Ed Chau (D-Arcadia) as Assembly Bill 375 in 2018, the CCPA began as a hotly contested bill based off of regulations currently in place in Europe. But by the end of the year it had unanimous support in both the Assembly and the Senate, and was signed into law by then Governor Jerry Brown.

Starting on Wednesday, many California residents now face pop-ups on websites asking them about their info and asking permission for it. Some have even been as blunt as saying “Do not sell my information.”

What the law means for Californians

“There’s a lot of mystery surrounding this, but it’s actually pretty simple,” said Blake Richter, a computer security expert. “Whatever place you are at online that would collect information from you, such as your name or other personal data, they have to say what they’re taking. They also have to say why and who it would be going to. They’ll ask if you are ok with them selling it, and you can say yes or no.

“No matter what you say they can’t charge you more or whatever, but they can offer you something for allowing them to have your data. I’ve been seeing free subscriptions and discounts so far.”

“And then you can demand to have your data deleted.”

“This is a good thing because it gives the user the right to do with what is really theirs, and it will be harder for companies to zero in on personal ads and things like that.”

Companies have six months to perfect compliance

Companies who were rushed into this and need to iron out a fair way to ask and inform users and consumers will have a grace period of six months. While many companies already have links and pop-ups going, many others with California users do not. By the end of June the CCPA will fully come into effect and start issuing fines for any violations. Due to this, many companies will have tests and gradual rollouts in the coming months. Larger companies like Facebook, Google, and Amazon, who have had many data information issues in the past several years, are currently working through many options since the law will issues a fine per each violation.

While many supporters are praising the bill, many others are disagreeing with it over security issues and slower computer speeds due to the number of permission boxes coming up.

A possible need for a federal law similar to the CCPA

A major concern is that California could lead a movement of each state enacting its own consumer protection law that each differs from California.

“It can be a huge problem,” pointed out Diana Fotopoulos, a consumer advocate in the District of Columbia. “California has one set. What if New York has another? And then Michigan. Then another and another. Some may be alike, some the same, a few may be radically different. That means every website that collects information will need to go on a state by state basis for asking. That’s a huge undertaking.”

“A lot of companies have to do this for taxes, such as Amazon. And that’s a lot even for them.”

“A federal law would be the best case scenario, like how the laws like this in Europe are. It’s blanket, covers everything like California, and it’s a lot easier on both companies and consumers.”

“For now California is a good start, but we can’t have it fragment for each state or else we are going to face a lot of confusion for years to come.”

The CCPA is currently being watched by many lawmakers from other states who are hoping to implement similar consumer protections. The CCPA will be fully enacted with live fines on July 1st.