You May Not Be From California, But Here’s What You Should Know About California’s New Privacy Act
The California Consumer Privacy Act (“CCPA”), which went into effect on January 1, 2020, placed robust restrictions on the ways in which large companies may collect and use the personal data of California residents.1 The law grants California residents the right to know the categories and specific pieces of their personal data possessed by companies, the right to see which companies possess their data, and the right to know about the inferences companies have made about them based on their data.2 The law also grants California residents the right to delete their personal information compiled by a company, as well as the right to opt out of the sale of their personal data from one company to another.3 Finally, before selling or sharing for profit the personal information of a child under the age of 13, large companies are now required to obtain the permission of the child’s parent.4 However, the law does not apply to all companies: “The law covers ride-hailing services, retailers, cable TV companies, mobile service providers and other companies that collect personal data for commercial purposes and meet certain conditions.”5
Many people are wondering why there is nationwide buzz over a law that protects only California residents. There are two explanations. First, the California law benefits many United States citizens because large companies have announced that they will be expanding the privacy rights given to California residents by the CCPA to all of their users in the United States.6 Microsoft’s chief privacy officer announced that Microsoft would “extend CCPA’s core rights for people to control their data to all [its] customers in the U.S.”7 Mozilla, the maker of Firefox web browser, made a similar announcement: “CCPA rights for everyone.”8
The second explanation for the nationwide buzz over the CCPA is that “California’s first in the nation regulations comes amid a broad push from several different levels of government to create data privacy legislation.”9 On the state level, many states, including New York, Massachusetts, Oregon, Illinois, Maine, and Nevada are either considering or have already passed data privacy legislation.10 While this is a good start, complying with 50 different privacy protection laws would be incredibly burdensome and expensive for businesses implicated by each state’s privacy requirements.
Many people agree that the ideal solution would be a federal privacy law that would override all state laws, since it would eliminate the confusion, costs, and burdens associated with complying with 50 different state laws. In fact, an open letter addressed to the leaders of Congress was sent on behalf CEOs of 51 tech companies, including Amazon, AT&T, Dell, IBM, Qualcomm, SAP, Salesforce, Visa, Mastercard, JP Morgan Chase, State Farm, and Walmart.11 In the letter, the leaders of some of the country’s largest companies pleaded for federal action: “There is now widespread agreement among companies across all sectors of the economy, policymakers and consumer groups about the need for a comprehensive federal consumer data privacy law that provides strong, consistent protections for American consumers.”12 However, it is unlikely that Congress will pass a federal privacy law in the near future. While there is a “bipartisan belief that something needs to be done, online privacy is a thorny and multifaceted issue about which there are serious disagreements among industry, public interest groups, and legislators with different ideological predilections.”13 The polarization of Congress makes it even less likely that there will be any compromises anytime soon.
So why does this matter? The CCPA and future laws of the sort will directly affect the privacy and distribution of your personal information. Information such as your name, address, location, photos, videos, and browsing history are sold and shared between companies and even industries. This includes your personal content on Netflix, Hulu, Amazon, YouTube, Instagram, Snapchat, and other media and entertainment applications you visit daily. Without your knowledge, your information may be impacting your insurance premiums, targeted advertisements, and could even lead to fraud or identity theft. Therefore, if you own an electronic device, it is important to keep up with data privacy laws that affect you in order to enforce your rights and keep yourself safe in this digital age.
Megan Graham, California’s new privacy law puts billions worth of personal data under protection, CNBC (Jan. 3, 2020), https://www.cnbc.com/2020/01/03/californias-consumer-privacy-act-and-what-it-means-for-you.html [https://perma.cc/9M78-XT2J]↩
Jill Cowan & Natasha Singer, How California’s New Privacy Law Affects You, N.Y. Times (Jan. 3, 2020), https://www.nytimes.com/2020/01/03/us/ccpa-california-privacy-law.html [https://perma.cc/95L9-HD5R]↩
Graham, supra note 1.↩
Julie Brill, Microsoft will honor California’s new privacy rights throughout the United States, Microsoft (Nov. 11, 2019), https://blogs.microsoft.com/on-the-issues/2019/11/11/microsoft-california-privacy-rights/ [https://perma.cc/9F6C-5THG]↩
Alan Davidson, Bringing California’s privacy law to all Firefox users in 2020, Mozilla (Dec. 31, 2019), https://blog.mozilla.org/netpolicy/2019/12/31/bringing-californias-privacy-law-to-all-firefox-users-in-2020/ [https://perma.cc/7VGJ-DRG3]↩
Chris Mills Rodrigo, Historic California data privacy measure leaves companies scrambling, The Hill (Jan. 1, 2020), https://thehill.com/policy/technology/476368-historic-california-data-privacy-measure-leaves-companies-scrambling [https://perma.cc/S6P4-KRTF]↩
Catalin Cimpanu, 51 tech CEOs send open letter to Congress asking for a federal data privacy law, ZDNet (Sept. 10, 2019), https://www.zdnet.com/article/51-tech-ceos-send-open-letter-to-congress-asking-for-a-federal-data-privacy-law/ [https://perma.cc/K5YN-4SUT]↩
Christopher W. Savage, Federal Privacy Legislation – Dead, or Just Resting?, Davis, Wright, Tremaine LLP (Sept. 5, 2019), https://www.dwt.com/blogs/privacy–security-law-blog/2019/09/federal-privacy-law-updates [https://perma.cc/34FM-M6ML]↩