it could be the dawn of a new age for digital privacy in the United States.
Starting on Jan. 1, Californians will gain the right to request, review and erase their digital profiles -- personal information that has been collected by businesses -- giving consumers the opportunity to have more digital privacy. Additionally, under the California Consumer Privacy Act, or CCPA, if a company is asked by a California consumer not to sell his or her data, companies will be legally obligated to oblige.
"If we do this right in California," California Attorney General Xavier Becerra said according to the Associated Press, the state will "put the capital P back into privacy for all Americans."
For years companies have been collecting data on consumers, often without their knowledge. This data includes personal information ranging from purchase history to location to religion to sexual orientation. Businesses then sell this data to third party companies for a profit.
Unlike the U.S. Constitution, the California Constitution recognizes privacy as an inalienable right. Because of this, Californians will have the ability to know what personal information is being collected by which company, the sources of that information, and to whom that information is being sold.
The law also forbids the sale of personal information from a child under the age of 16 without consent.
It’s not just big technology companies that will be forced to listen to consumers -- the law applies to any company that interacts with a California resident, so businesses like retailers and banks will have to comply too.
Since California is home to a tenth of the United States’ population, as well as many of the nation’s largest and most profitable companies, this law could become a de facto national standard.
While CCPA creates unparalleled digital-privacy rights, it does place the burden of responsibility on the consumer and not the business.
“The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request,” the bill says.
If a consumer requests a business to delete and not sell his or her personal information, a company must comply, as long as that information is neither necessary to protect against fraud or to finish a transaction. If a business fails to create security practices and a consumers’ data is breached, that consumer can take the issue up with the state attorney general. But for any repercussion to take place, the consumer must take action.
Additionally, the California attorney general cannot take any legal action until six months after the law comes into effect. But once June rolls around “any person, business, or service provider that intentionally violates this title may be liable for a civil penalty of up to seven thousand five hundred dollars ($7,500) for each violation,” according to the act.
While the law largely benefits the consumer, there are a few loop-holes that give businesses an advantage. CCPA allows companies to start collecting data the next time a consumer does business with it, even if that consumer already requested the company delete his or her personal data.