The California Consumer Privacy Act of 2018 and its Effects
Updated: Oct 7, 2020
At the moment, 89 independent countries, including most of Europe, have adopted comprehensive information policy laws. Excluded from this list is the United States. Instead, it adopts limited sectoral laws in certain areas that are derived from the Federal Trade Commission’s (FTC) Fair Information Practice Principles, which laid out the mostly accepted principles of Notice, Choice, Access, Security, and Enforcement. In light of recent controversies over data privacy, such as the Facebook-Cambridge Analytical data scandal, and increased data regulation, such as the General Data Protection Regulation (GDPR) being implemented in the EU as of May 25, 2018, a new data privacy law has been passed in the state of California. On June 28, 2018, AB 375, also known as the California Consumer Privacy Act (CCPA), unanimously passed through the State Senate and Assembly.
At first, the CCPA started as a ballot initiative, led and funded largely by Bay Area real estate developer Alastair Mactaggart, who spent over $3 million on the initiative. It received some support from privacy advocates, such as Common Sense Media. After being certified and receiving over 600,000 signatures, the voter initiative was slated to appear on California ballots in November. However, the CCPA was passed instead as legislature, which would allow lawmakers to modify the bill easier then it would have been to amend a ballot measure. It is set to be implemented in January of 2020.
The CCPA aims to change how businesses in California and their consumers share data. Importantly, it grants the rights to know the data collected on an individual, decline the sale of one’s data, delete the data collected on an individual, and mandates individuals under the age of 16 to opt in before data is allowed to be collected. Many other rights include the rights to access the methods used to collect an individual's data, the categories of the third parties with whom the data is shared, and the right to know what the data is being used.
The full text of what the CCPA does can be found here:
However, many major tech companies and other organizations oppose the CCPA, believing that it has the right intentions but contains too many loopholes and hurts the companies as well as the consumers. Loopholes could allow companies to share data rather than sell it, or charge higher prices for those who decline the collection of their data. Many features of these companies, such as personalized marketing based on search history, customer loyalty programs, and apps that use location data could also potentially be destroyed due to the CCPA. Opposition groups such as The Internet Association and the Committee to protect California Jobs also agree and cite a lack of public debate about the CCPA as well as the rushed nature of its development. Companies such as Amazon, Microsoft, Uber, Google, AT&T, Verizon, and many others have funded these opposition groups in attempt to lobby the lawmakers. Notably, while at first Facebook also contributed to these opposition groups, it has since halted its support.