Your information, including your name, location, and purchasing patterns, has been a commodity for many years. Whether it’s been gathered, purchased, sold, shared, or transferred, a lot of businesses have access to a lot of information about you. They make a lot of money off of it and use it in ways that you never authorized (and frequently aren’t even aware of). You weren’t able to stop them easily either. To a certain extent, that’s about to change. California Ccpaprovenzanogizmodo.
Businesses operating in the state of California are required by the California Consumer Privacy Act to give customers the choice to opt-out of having their data sold, deleted, or collected about them. If businesses don’t act promptly, customers may sue them for up to $2,500 per violation and up to $7,500 whenever they purposefully break the law.
The act broadly defines personal information, which may include (but is not limited to) identifiers (name, address, online identifier, IP address, etc.), purchasing history, geolocation, audio/video, biometric data, inferences about your personality or psychological trends, and even “olfactory” data. The act also makes it possible for Californians to view the sources of that data, the categories it has been assigned to, and the kinds of third parties it has been shared with. California Ccpaprovenzanogizmodo.
Companies that make more than $25 million per year, companies that buy, sell, or collect data from 50,000 or more consumers for commercial purposes, and companies that make 50% or more of their revenue from selling consumers’ personal information are subject to the regulations. According to Reuters, this means that notices will appear not only as windows in apps and on Target.com, but also as physical signs in physical retail outlets such as Walmart.
According to most experts and stakeholders, the law is far from perfect. Some critics, such as Eric Goldman, a professor and co-director of the High Tech Law Institute at Santa Clara University School of Law, are concerned that the law will harm the businesses that must comply. According to a report prepared for the state’s attorney general’s office, CCPA compliance will cost businesses $55 billion in initial charges.
“Most U.S. companies are far from CCPA ready,” Altaz Valani, director of research at the software security company Security Compass, told in an email. “U.S. companies with operations in the EU that have proactively made changes to their privacy practices when the GDPR [Europe’s General Data Protection Regulation] came into effect are ahead of the compliance curve, but the majority of companies are still in preparation-mode [and] are not expected to be compliant by the January 1, 2020 deadline.”
The Times reports that it appears to be unclear how far this goes in part because data collection is so pervasive and the law only applies to companies doing business in California. Additionally, the act permits businesses to keep consumer data against their wishes if it is “reasonably anticipated within the context of a business’ ongoing business relationship with the consumer”—which probably means that organizations like Facebook, which had previously opposed the act, won’t be going out of business anytime soon. Facebook claims that this service is frequently required to keep the site running, but the social media platform, which already lets you see the data they collect, deftly makes money off of your information by doing the analysis themselves and packaging you as part of an ostensibly anonymous demographic for advertisers. They also like to remind you that you are not required to use their products, even though they know you probably will, even if you don’t like it.
