Do individuals have a right to control their online profiles? Should big internet businesses be allowed to secretly collect data on their users? The new California Consumer Privacy Act says “yes” and “they shouldn’t”. Here’s how the law could affect the way you do business by creating a new frontier for internet privacy.
California Steps Into Internet Privacy Regulations Arena
We’ve all had a moment when we thought Google, Facebook, or one of the other big tech companies was stalking us. Maybe you were considering a purchase on Amazon only to see ads for the same product on your social media feed. Maybe Facebook recommended friends based on your Google contacts list. Today, it seems the technology companies know more about us, than we know ourselves.
But should they?
The California state legislature doesn’t think so. Last year, it passed the California Consumer Privacy Act. This law creates some of the strictest rules on how tech companies collect user data the world has ever seen. Like the European Union’s General Data Protection Regulation, the law requires websites to reveal what user data they collect and store, and gives users the right to ask for their information to be deleted (the famous “right to be forgotten”).
But the California Consumer Privacy Act goes much further. It controls the way businesses treat the personal information of California residents. It applies to any for-profit legal entity with
- Gross revenues of more than $25 million
- Access to the personal information of 50,000 or more California residents
- 50% of its annual revenue coming from selling California resident’s personal information
New Law Protects Broad Swath of Users’ Personal Information
Personal information is defined broadly too. It applies to anything that “identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” That includes:
- Names
- Addresses
- Email addresses
- Social security numbers
- Medical information
- GPS / location information
- Biometric information (like fingerprint logins)
- Browsing history
- Search history
- Cookies
- IP addresses
- Purchase history
- Account names
- Audio recordings
- Employment information
The law says users have the right to know which categories are being collected, and whether that information is shared with other legal entities. They have the right to submit “verifiable consumer requests” to get more information and to demand that the business delete their personal information.
The law also requires qualifying businesses to make it easy for users to opt out of the sale of that data. Businesses can’t bury the process to opt out in their user agreements. Instead they must make a “clear and conspicuous” place on their websites specifically titled “Do Not Sell My Personal Information.”
Businesses Have 6 More Months to Get Ready for California Consumer Privacy Act
The California Consumer Privacy Act takes effect at the start of 2020, which means businesses have less than 6 months to find out if they qualify, and put the necessary internet privacy protections in place.
And that won’t be easy. Lobbyists and legislators are still considering amendments that would tweak the law’s requirements and carve out certain industries (like airlines and auto makers). Several other states are already looking at similar legislation. That means the California law could become the law of the land. Some are pushing for federal regulation, while others want to wait to see how California’s roll-out pays off. California’s Attorney General, Xavier Becerra is looking at ways to make sure everything goes smoothly. A life-long “Star Trek” fan, Becerra told NBC News:
“This is the Enterprise,” he said. “We’re going where no man or woman has gone before.”
Getting Your Business Ready to Enter the Final Frontier of Internet Privacy
Business owners who do work in California or who own enterprise-level companies should start looking at internet privacy solutions now, so they aren’t caught up in the last-minute push to comply with California law. Even those whose business is national will need to be ready in case California’s law catches on elsewhere in the country.
If you think the California Consumer Privacy Act could affect your business, sit down with a Provisio Technology Solutions web solutions specialist today. We can help you update your existing website or create a new one with all the proper security protocols in place. Contact us today to schedule meeting with a web solutions specialist.