CCPA: California’s version of GDPR?
Data privacy is an issue that has become top of mind for both companies and consumers. This new awareness is thanks to a stream of legal actions being taken by governments to combat the many data breach incidents that have happened in the last few years. From the EU’s General Data Protection Regulation (GDPR) to Japan’s Act on the Protection of Personal Information, governments are taking a stand on consumer data issues.
The U.S. recently joined these countries with the California Consumer Privacy Act (CCPA), which was signed by Governor Jerry Brown on June 28, 2018, and will go into effect January 1, 2020. The CCPA will protect the rights of California consumers and encourage stronger privacy online and greater transparency overall.
Currently, in the United States, businesses collect information about consumers and are able to sell it to third parties without consumer approval. The California Consumer Privacy Act was crafted to give consumers ownership, control, and security over their personal information. They will be able to request that a business be transparent about the information it collects and prevent their data from being sold to third parties.
Californians will have the right to:
Know the personal information that is being collected by companies
Have access to the personal information being collected and request that it’s deleted
Know if their personal information is being shared, and if so, with whom
Opt out of the sale of their personal information
Have equal service and price, whether or not they choose to exercise their privacy rights
Businesses will also be prohibited from selling data from consumers aged 13-16 unless the consumers opt in. Those under the age of 13 will need consent from a parent or guardian.
The CCPA does not cover all businesses. California businesses may be subject to compliance if they:
Earn $25,000,000 or more a year in revenue
Annually buy, receive, sell, or share personal information of 50,000 or more consumers, households or devices for commercial purposes
Derive 50% or more of their annual revenue from selling consumer personal information
Those who do not comply will be charged a fine for any violation that is not addressed within 30 days.
CCPA is similar to GDPR in that it encourages transparency and security. However, there are a number of stipulations that differ. For more information on the specific similarities and differences between the GDPR and CCPA, explore this interactive Venn diagram that compares the two.
This is not the last time you’ll be hearing about a privacy act. In the near future, companies should be prepared to comply with stricter regulations, and consumers should know their rights under these laws.