The CCPA which came into action from January 1, 2020; is the California Consumer Privacy Act which aims at preserving the data on consumers’ rights related to access, deletion of their Personal Information (PI) that is collected by the businesses. The CCPA was expected to be in effect within 30 days from its amendment.
However, it’s important to note that, these are not applicable to just any start-up type of business or e-commerce platforms but are specific to business organizations which have an annual gross revenue of over $25 million or the organization buys or receives for its own commercial reasons, or sells or shares for commercial purposes, PI from at least 50,000 devices, households or consumers per year or it makes at least 50 percent of its annual revenues from selling or sharing consumers’ PI.
So how does it work for data privacy?
If you own a business that qualifies to follow the CCPA, then you are supposed to take care of the fact that the privacy policies must inform each and every consumer about their rights. Below are the five key rights to the consumers of California:
Right to know: Let’s consider an example, Maria had filled up a form with a car care company for the maintenance of her car. Even after the one-year contract with them, she notices that, she’s getting calls from various other companies proposing her deals on varied products. Here, she has every right to question the car care company about where, how and why her PI was distributed and she is entitled to receive convincing replies within 45 days according to the CCPA. If not, then the car care company is subject to pay the penalty for non-compliance of the act. Hence, A consumer has the right to have every information about where, how and why his data is being distributed to third party companies for various schemes and other advertising related stuff which can be non-essential to the consumer. So, if questioned, the business distributing PI should have a convincing answer for the same.
Right to be forgotten: Taking the same example discussed above, if Maria has filled up a form with the car care company, she expects that her data be confidential and not subject to distribution without her knowledge. So, she has the right to be forgotten after her concerned work is completed.
Right to optout: you as a consumer have every right to opt out of any subscriptions or promotional advertisements which are been linked sourcing your information from a website where you have shared your data for a purpose.
Right to access or delete: It should be entirely a consumer’s call to provide the access to a specific site. Whether the person wants to share PI should be totally their own call. And after sharing a data, the consumer should also be given the privilege to delete data as per his choice.
Right to Equal service or non-discrimination: This is a common scenario observed. Many a times while you access the online websites for shopping, the e-commerce websites have some tempting schemes available, if you agree to link some of your social media accounts or permit them access to your contacts list, disagreeing to which, you are not eligible to be benefitted with any of the tempting discounts or offers. This mayhem can be corrected by complying to CCPA.
So, does it mean that the CCPA is applicable to only consumers residing in California alone?
CCPA is not just aimed at businesses based at California alone. It caters its protocol to any business that processes the personal information of consumers in California. Which also means that, if you have your services enabled in any part of California, you are entitled to be covered by the CCPA. If you have a website that uses any kind of data of consumers information like, someone’s Full name, Employment details, Geolocation so on and so forth, then you are entitled to be upgrading your data architecture with respect to the new rules and protocol of CCPA and adhere to its requirements and abide by it.
So, how would it impact the for-profit business who comply for and what’s the penalty in non-compliance to CCPA?
So how is the GDPR different from CCPA?
How is CalOPPA different than CCPA?
CalOPPA is the California Online Privacy Protection Act which mainly deals with the security breach created just online. Also, its laws are not stringent with respect to the ones discussed above for GDPR and CCPA. A promising proposal to each consumer with preserving his data privacy and thereby possessing the right to sue an organization on the failure in compliance to abide by the CCPA, it’s expected as a major movement, an initial move in maintaining a transparency in the various other laws and acts to follow.