California's Consumer Privacy Act has taken effect, bringing GDPR-like data protections to the US
Data privacy: Ever since the EU passed its General Data Protection Regulation (GDPR), privacy advocates in the US have asked their own politicians to pass similarly-comprehensive legislation. Though federal laws of that nature are still a ways off (if they come about at all), California has heard the call and acted upon it.
In 2018, the state passed the California Consumer Privacy Act (CCPA), which lays out many GDPR-like data rights for consumers. For example, users can request a copy of all the personal information a big tech company has collected about, order the deletion of said data, or demand that the data not be sold.
Compared to the data privacy protections US consumers have enjoyed up to this point (which are scant), the CCPA represents a significant step forward. However, it should be noted that it still isn’t quite as strict as the GDPR.
For example, CCPA fines cap out at $7,500 per intentional infraction ($2,500 for accidents). In contrast, GDPR fines can go up to 20 million pounds or four percent of a firm’s annual revenue (whichever is higher). Further, the CCPA will only be enforced against businesses that meet certain criteria. For a company to be affected, they must collect data on more than 50,000 consumers, earn gross annual revenue of more than $25 million, or earn 50 percent (or more) of their revenue from the sale of consumer data.
A few limitations aside, the CCPA officially took effect yesterday, which was January 1, 2020. Though the regulations technically only protect California residents, at least a few prominent tech companies will likely apply the rules to their entire userbases (as many did with the GDPR). Indeed, Microsoft and Mozilla have already pledged to do so.
There are a few possible reasons for that decision, but generally speaking, it’s easier for giant corporations to apply these sorts of rules universally instead of selectively enforcing them. As an added bonus, a company that does decide to go that route will probably earn itself some positive PR.
If you have any thoughts on the CCPA or data privacy in general, feel free to sound off in the comments.
Masthead credit: Shutterstock