What Is the California Consumer Privacy Act (CCPA)?
If you’ve ever read through a privacy policy, you’ve probably come across sections dedicated to GDPR and CCPA compliance. The abbreviation GDPR stands for General Data Protection Regulation, while CCPA refers to the California Consumer Privacy Act.
Mainstream news outlets have written extensively about the GDPR, so most people interested in online privacy are at least somewhat familiar with it. But what about the CCPA? What are the CCPA regulations, and who needs to comply with them?
What Is the CCPA?
The CCPA is a state statute, which means it only applies in thestate of California, and not in the United States as a whole. It was passed by the California State Legislature and signed into law by then-Governor Jerry Brown in 2018. Several amendments were passed in 2018 and 2019, and the statute became effective at the beginning of 2020. Later that same year, the statute was additionally amended and expanded.
The CCPA primarily aims to protect consumers' privacy, and sets strict rules that businesses have to follow. The statute applies only to California residents. As for businesses, the CCPA applies to any business that has a gross annual revenue of over $25 million, or has access to personal information belonging to more than 50,000 California residents, or derives more than half of its revenue fromselling their personal information. It is important to note that it does not apply to non-profits and government agencies.
What Rights Are Granted Under the CCPA?
So, what privacy rights do California residents have under the CCPA? Thanks to this statute, anyone who lives in the Golden State has the right to know what information a business collects about them and how that information is being used. Moreover, all California residents have the right to non-discrimination, the right todelete the information that has been collected from them, and the right to opt-out of the sale of their personal information.
There are some caveats. A California resident does not have the right to sue a business for most CCPA violations. Businesses can only be sued if they suffer a data breach resulting in a California resident’s data being stolen. Even in this case, the resident has to prove that the business failed to protect their information. And in that scenario, certain restrictions still apply.
The Right to Know and the Right to Opt-Out
Under the CCPA, all California residents have the right to know whatpersonal information businesses collectand share. This includes specifics in terms of how and through which methods the data is collected. Businesses, on the other hand, are required to provide this information to California residents free of charge.
Additionally, California residents have the right to submit a request to know, and businesses have an obligation to designate a minimum of two methods for a resident to submit their request. This can include website forms, email addresses, phone numbers, and so on. However, businesses have the right to reject this request under certain circumstances.
Likewise, thanks to the CCPA, all California residents have the right to “opt-out”, meaning they have the right to request that businesses stop selling their personal information. Though there are some exceptions, businesses are barred from selling a California resident’s personal information if they receive the request.
Businesses have certain obligations as well. They need to have a “Do Not Sell My Personal Information” link on their website, so that California residents can submit an opt-out request. And they need to offer at least two more methods for Californians to send their requests.
CCPA: A Step In the Right Direction
The CCPA is far from perfect, but it is definitely a step in the right direction. If a similar law were passed federally, American citizens would have relatively strong privacy rights, compared to the rest of the world.
And though you may not be able to fully protect your privacy until such a law is passed in the US or wherever you are, there are still ways to make your personal data essentially worthless to tech companies.
The so-called “Big Tech” companies have gained attention for their data-collecting methods, but what can you do to stop them?
I gripped my chair the entire time—and then kept thinking about it when the screen turned off.
OneDrive is one of the best, but it has a catch.
The best features aren’t the ones being advertised.
These plugins will make you wonder why you used Photoshop in the first place.
Revolutionize your driving experience with these game-changing CarPlay additions.
