What You Should Know About the California Consumer Privacy Act

Following last year’s Cambridge Analytica and Facebook data scandal, privacy has become a key issue on both sides of the aisle. With businesses collecting and processing data every second of the day, consumers are rarely sure how much of the personal information they disclose is being stored and used as a tool for targeted sales.

The California Consumer Privacy Act (CCPA) is a consumer law that will safeguard individual private information disclosed to businesses. The act follows closely on the heels of the European Union’s General Data Protection Regulation (GDPR), which tackles data protection for individuals within the European Union. With it, California will spearhead tighter and more transparent regulations surrounding data privacy in the United States.

Officially called AB-375, CCPA was passed into law on June 28, 2018 and will come into effect in January 2020. It will give Californian consumers rights over the personal information they disclose to businesses and the manner in which it is used.

Consumer Rights Under the Act

Residents of California will have the right to:

  • Know the nature of personal information being collected
  • Know if said information is being sold and to which third party
  • Opt out of the sale of such information
  • Receive equal service even when they insist on data privacy

The legislation requires for-profit businesses operating in the state of California with annual sales of at least $25 million and deriving 50 percent of their income from such sales to protect the privacy requirements of individual customers. If they fail to do so, consumers can file a lawsuit to claim damages.

In case of a security breach, consumers can file individual or class-action lawsuits against the business concerned, recovering up to $750 in statutory or actual damages. Consumers can also seek injunctive and other kinds of relief.

How Is CCPA Different From GDPR?

Though largely similar to GDPR's rules for consumers in the European Union, CCPA differs mostly in legislative territory: it applies only to consumers and businesses in California.

It also varies in its definition of personal information. While GDPR refers to information relating to a person, including but not limited to social security number, biometric details and phone number, CCPA casts the net wider to include all information linked to a household as well. This means businesses will have to refrain from tracking IP addresses and utility invoices of a house without explicit consent.

The CCPA also provides consumers additional rights by allowing them to control their personal information. Consumers will have the right to enquire about the various categories of data collected. Businesses will also have to clearly provide consumers with an option to withhold private information, including a link on their homepage that will allow California consumers to easily opt out of such usage.

Though all states in the US have some laws in place to protect consumer information, CCPA is considered one of the strongest data protection acts in the country, setting the precedent for the other states to follow suit.