While browsing the internet lately, you might have noticed a hyperlink at the bottom of each webpage saying: “Notice to California Residents” or “Do Not Sell My Personal Information.” Why are we, a Charlotte web design company, writing about California? Well, as is often said, “As California goes, so goes the nation.” That’s not always the case, but considering California is the tech capital of the U.S., and some argue the world, it’s important to pay attention to what’s happening in the state because a nationwide privacy law could be just around the bend.
The California Consumer Privacy Act (CCPA) passed unanimously in June 2018 and went into effect on January 1 of this year. It’s the first law in the U.S. to set up comprehensive rules around consumer data, similar to what the European Union instated with its General Data Protection Regulation (GDPR). What does the privacy act mean for the average person? Not much, according to Wired.com, but depending on how the law is enforced, it could have a ripple effect throughout the U.S.
What is the CCPA?
The CCPA applies to any company operating in California and either makes at least $25 million in annual revenue, gathers data on more than 50,000 users, or makes more than half its money through user data. The privacy act grants California residents two primary categories of rights: 1.) the right to know and 2.) the right to say no. Users are now able to view the data companies have gathered about them and can delete that data. Users are also given the choice to opt out of those companies selling their information to third parties. It’s not just the big tech companies like Google, Apple, and Facebook, – it’s any large company that does business online. That could mean a publication like Buzzfeed or an online grocer such as Vitacost.com.
Many companies use your data – what sort of products you buy, how long you spend reading a certain blogpost – and sell it a third-party vendor like Google AdSense, which combines that data to create user profiles that advertisers can target. You know how you can google “vacuum cleaner” and then suddenly you’re on another website and you’ll start seeing vacuum cleaner ads? That’s how selling your data works. Companies pay for the privilege of personalized ad targeting. Many companies already overhauled their data gathering due to Europe’s GDPR and now they have to do that some more because of the CCPA.
As a small, N.C. web design company, the CCPA doesn’t apply to us, but even still, Web Symphonies does not sell your data. We only use data we gather internally to help us serve you better. It makes sense because as a web designer specializing in internet marketing, how could we help you if we didn’t know how to help ourselves? That’s like asking the average kindergartner to teach calculus. Data is important for marketing purposes, but so is privacy, which the new California law takes into account.
How will the CCPA be enforced?
How the CCPA will be enforced is the question everyone is asking. California Attorney General Xavier Becerra will clarify the law sometime in the next six months and enforcement doesn’t start until July 1. Will enforcement be harsh enough to make an impact? No one knows yet. What the law stipulates is California residents are able to sue companies for failing to take reasonable precautions to prevent data breaches, but will they? (By the way, did you read our post about tips to beef up your web security? You can protect yourself from a data breach by doing so.) Residents can sue as a form of enforcement, but for the most part, the attorney general is the one to ensure compliance. According to Wired.com, Becerra’s office said they only have the bandwidth to tackle a handful of cases each year so companies might not feel the incentive to comply with the new law.
On the other hand, even if the number of cases the attorney general’s office takes on are rare, the threat of crippling fines ($2,500 per user per piece of data, which could be tens of billions of dollars) should be enough of a deterrent for companies to comply with the new law, according to the person who spearheaded the CCPA, California real estate magnate Alastair Mactaggart. Even still, some companies may play fast and loose with the law, banking on not getting caught.
In order to combat that sort of behavior, Mactaggart plans to spend millions of dollars to place another initiative on the California ballot in November that would build upon the CCPA by protecting sensitive information, like health and financial records. The initiative would also create an independent agency focused just on the privacy law, with the power to audit companies for compliance. The new initiative would also restrict legislative bodies from weakening the law in the future, which is a serious concern considering all the lobbying from the tech industry already taking place.
How this applies to other states
Even though we’re a small, Charlotte web design firm, we care about this privacy law because it puts pressure on Congress to act at the national level. Businesses are already grumbling about complying with various state requirements (Nevada and Vermont have their own privacy statutes and other states like North Carolina could follow).
The Senate is considering several bills on privacy but so far the Democrats and Republicans haven’t been able to get out of gridlock because of two issues: Should ordinary Americans be able to sue for violations (the Democrats say yes, the Republicans say no), and should the federal law preempt tougher state regulations (the Democrats say no, the Republicans say yes). The longer Congress dawdles, the more California (and other states) get to set the precedent on privacy laws.
Furthermore, some companies, like Microsoft, are extending the CCPA consumer protections to all Americans and it’s likely other companies will follow suit.
We’re watching the news with bated breath, wondering what this means for us. For now, we’re taking proactive privacy measures and can help you do the same. Contact us about installing an SSL certificate as well as to provide sample privacy policies that come preinstalled with WordPress. We’re happy to help in any way we can.