Earlier this year (25th May 2018 to be precise), we had the European Unionโs GDPR, which in many terms is a milestone in the digital age.
It gives the EU and the EEA citizens more transparency of why, how and where their information is being used. That at the same time gave out some major hiccups to many local and international businesses all over the world.
Now, following the footsteps of the European Parliamentย andย Council of the European Union we have here a new regulation- โCCPAโ. A law for California, to give Californians the โwho, where, what, and whenโ of how businesses handle consumersโ personal information.
Many of you must have already heard of it by now.
So, let us now discuss the main elements of this new California Consumer Privacy Act of 2018.
Effective Date & Deadline for CCPA- The Californian GDPR:
AB 375 California privacy act, officially known as the California Consumer Privacy Act of 2018 will become effective fromย January 1st, 2020 onwards.
This unanimous bill, signed by Jerry Brown, Governor of California was passed on June 28 2018, which initially started back in February 2017.
How Similar?
The 2018 California Consumer Privacy Act is in many angles like a ‘lite’ version of โEUโs General Data Protection Regulationโ for Califonia.
They have a very similar set of rules regarding the data classification, business rules, and tracking and to address consent and preferences of the Californians.
Consumerโs consent is necessary. Likewise, they may at any time opt-out of the selling of their Personal Information from any business.
The consent form and options must be understandable and precise. The cost of breaching this law is also staggering with a different amount of money with each rule violation.
Furthermore, that may go up to $750 per consumer per incident or actual damages; whichever is greater. The act includes rules for the commercial websites asking for their consent.
Key Differences-
The businesses may offer their users specific financial benefits in exchange for the individualโs consent to collect and process their Data and Information.
Additionally, the act strictly prohibits them from discriminating against those who have not given their permission.
The other significant difference is that in Europe, consumers must opt-in by providing consent affirmatively.
Moreover, those who are under the age of sixteen do not need to opt-in. What is more, is that they can opt-out of the sale of their information to third parties?
So, what happens if found CCPA Incompliant?
If you want to or already have any profit organization that:
- Receive, buy or share for commercial purposes, or sell off any personal information of 50,000 or plus Californians, households, or devices
- Have an annual gross revenue greater than $25 million
- Derive 50% or plus of your annual revenue from selling consumersโ data or information.
- Share any branding with a qualifying โbusinessโ or controls/ is controlled by that business.
Then you will have to comply with all the CCPA rules and regulations. The law will hold companies accountable for any data or information breaches.
If you own any website, you will โprovide a clear and prominent link’ on the business web home page, saying โDo Not Sell My Personal Information,โ that enables an individual to opt-out of the sale of their personal info or any data.
CCPA provides a limited private right of action for found data breaches. It allows consumers to sue them for up to $750 for each violation.
Whereas, for each intentional privacy violation the attorney general of California can sue anyone for $7,500.
Well, this is the second regulatory announcement over the use of personal data of their respective citizens.
But how much of an impact is this new regulation of California going to put on companies like Google, Target, Adidas, Facebook, Fitbit? Many such companies have had data breach experiences during the famous EUโs GDPR Movement.
Also, above all that, the question that arises between all of it is, is this โown digital privacy lawโ thing becoming a new trend?
Furthermore, the other states may opt for such regulatory measures. Still, with no doubt, these personal data rules and regulations are taking everyone by storm.
You May Also like to Read-
The Role of AI in Big Data: Unlocking New Possibilities