California is the most populated state in the USA with close to forty million people living there. The new data protection act AB 375 (commonly called the CCPA) sets out stricter rules for companies that store and process large quantities of data belonging to residents of the state of California.
The act firstly obligates companies to openly show the types of data they collect. Another important feature of the new act allows data subjects to opt out of having their data sold by the organisation that collects it. Consumers will also have the right to reject the selling of their personal data without losing access to the services of the organisation. For example, if a data subject denies the request from Apple relating to the sale of their data, they are still legally entitled to continue to use the services Apple provides unhindered. This will more than likely, however, cause the organisations to change their privacy policies to find legal loopholes in order to circumvent the law.
The new Californian law is similar to the EU’s recent GDPR regulation, which also sets clearly defined and strictly enforced rules around citizen data accumulation, but the CCPA is narrower in scope compared to its European counterpart. AB 375 will not come into effect until 2020, giving organisations time to put appropriate procedures in place to guarantee that they are able to achieve full and continuous compliance.
The AB 375 was passed unanimously by both chambers and was signed on the same day to be passed into law by Governor Jerry Brown. The law offers increased levels of privacy for California’s citizens’ data, but the bill did not pass without resistance from the companies that it will impact.
Several large tech and telecommunication firms vehemently protested the passing of this legislation. Amazon, AT&T and Google have poured millions of dollars into lobbying campaigns to prevent the law being passed. Facebook also attempted to obstruct the passing of AB 375 but after coming under fire from critics in the wake of the Cambridge Analytica scandal, the social media giant pulled its public opposition and funding.
The firms in opposition of the CCPA claim that it will cause a disconnect between California and the rest of the United States with regards to how data is processed. They claim that the stricter rules around the protection of the data will hinder their ability to operate effectively.
If and when other US states decide to follow suit and implement their own versions of the CCPA, it is easy to see why these large organisations, that profit massively from advertising using personal data, are against the bill as the potential knock-on effect could greatly limit the profit margins of these big firms.
The affected firms now have less than 3 years to change their policies and business practices in the state of California and make sure they do not fall short of the requirements of AB 375.
With large companies like Facebook and Google harvesting massive quantities of data to yield gargantuan profits, it is easy to see how any data privacy laws that limit their ability to collect, use and sell data will be at odds with their business strategy. Therefore it is up to privacy-conscious government officials to implement regulations that have the best interest of data subjects at heart to ensure that their personal information is protected and used responsibly by organisations that collect it.