In June of 2018, the California Consumer Privacy Act (CCPA) was signed into law. The landmark privacy legislation passed on the heels of the European Union’s General Data Protection Regulation (GDPR) and gave business owners and professionals until Jan 1, 2020 to comply.
While the CCPA doesn’t match the wide reach and stringent guidelines of the GDPR, it effectively set a new age of data privacy into motion in the US. Unlike the extensive tenants of the GDPR, the California law is based on four core concepts: transparency, user rights, accountability, and non-discrimination.
Transparency
Transparency standards set by the CCPA expand upon those established by the California Online Privacy Protection Act (CalOPPA) in 2003 by mandating further disclosures and better maintenance from a company’s privacy policy. For example, the CCPA requires businesses to detail California consumers’ rights in their privacy policy, and to update that policy at least once a year.
User Rights
Among the new user rights established by the CCPA are the right to access and the right to opt out of data sale.
The right to access bears a striking resemblance to the GDPR right of the same name. The CCPA right to access provides that consumers can request a record of what data a given company has collected about them. Furthermore, the California law grants consumers the right to request changes to this data, including the deletion of it entirely.
As for the right to opt out of data sale, businesses need to post conspicuous links reading “Do Not Sell My Personal Information” on their websites and privacy policies that lead consumers to a method of opting out of data sale.
Accountability
The CCPA seeks to hold businesses to higher standards of accountability by making data protection a priority. Not only do businesses face fines from the California Attorney General’s office for failing to secure their stores of data, but consumers now have the right to sue businesses if their personal information is compromised by a data breach.
Non-discrimination
Finally, the CCPA stipulates that consumers who may choose to exercise their data rights are entitled to products and services of equal price and value as those who choose not to act on their rights.
Note that there are exemptions to this component of the law, lending itself to potential misinterpretation and manipulation.
CCPA vs GDPR
It’s nearly impossible to discuss to the CCPA without bringing its unofficial predecessor — the GDPR — into the conversation. To learn more about the basics of each law, how they resemble one another, and how they differ, check out this infographic comparing and contrasting the two privacy laws:
https://termly.io/resources/infographics/gdpr-vs-ccpa/
Contributing Author: KJ Dearie, Product Specialist and Privacy Consultant, Termly
KJ Dearie is a product specialist and privacy consultant for Termly, where she advises business owners and digital professionals on how to comply with the latest data privacy laws and trends.
