Silicon Valley and the rest of California’s technology economy may not be ready for data regulations, but that’s too bad.
The California Consumer Privacy Act (CCPA) went into effect to start the new year. This means:
- Businesses have to disclose what information they collect, why and with whom they’re sharing that data.
- Customers can opt out of allowing their data to be sold.
- Customers can even request that companies delete all their personal data.
- Companies that don’t adhere to the law can be fined for each violation, and companies that are subject to data breaches can be ordered to pay damages to California residents.
The law comes as a response to several revelations that Big Tech was harvesting customer data and essentially using it to make money.
The CCPA is hailed as the first legislation in the U.S. to regulate the use of customer data and could serve as a template for laws in other states and possibly a more sweeping federal law.
According to Vice, the law will not affect the entirety of California’s tech economy. The CCPA applies only to firms that take in more than $25 million in gross revenue each year, collect data on more than 50,000 users or make more than 50% of their revenue selling data.
Although the law took effect Jan. 1, California authorities said enforcement isn’t likely to happen until sometime this summer, giving lawmakers and tech firms more time to figure out how this law changes things.
The law comes after the European Union’s General Data Protection Regulation (GDPR), enacted in 2016, that was meant to bring about similar data protections. However, that law has been criticized for being largely ineffective.
Still, Facebook and Google are facing big-money lawsuits over alleged violations of the GDPR, but those cases won’t be resolved for years, according to The Verge.
According to Tech Crunch, the GDPR is far from the stringency of the CCPA, which should encourage you and your company to start thinking about complying with the new law.