BHL Bogen

BHL Bogen
BridgehouseLaw LLP - Your Business Law Firm

Monday, January 13, 2020

CA Implements First US Consumer Data Privacy Law


CA Implements First US Consumer Data Privacy Law

With the start of 2020, California residents are the first in the country to have enhanced privacy protections akin to those provided in the EU under the General Data Protection Regulation (GDPR). The California Consumer Privacy Act (CCPA), passed in September of 2018, gives Californians certain rights over the personal data collected by companies such as Google, Facebook, data brokers, and media companies.

In general, California residents will now have the following rights: 1) to know what personal data is being collected; 2) to know what types of companies are purchasing or processing their data; 3) to request that their personal data no longer be collected; and 4) to request the deletion of previously collected data.

In addition to the enhanced transparency, tech companies are not allowed to exclude users from their platform because they opted out of data collection. Previously, consumers have had no choice but to accept that their data is being collected when they use a certain tech platform. Now, the CA law prevents companies from discriminating against consumers who exercise their privacy rights. However, the companies can offer “financial incentives” for users who opt-in to data collection. This means that some companies will offer enhanced versions of their platform to people who accept data collection, while there will be a stripped-down version for users who opt out.

The new law may give some additional transparency to US residents outside of the California, but they won’t be able to request that their data no longer be collected or sold. Privacy advocates say there is a lot more legislative ground to cover. At least 20 other states are considering data privacy laws in their state legislatures, but the hope is that a federal law will eventually provide uniform protections. In a few major areas, the CCPA is a less robust privacy law than the GDPR. The CCPA does not require companies to minimize data collection or have a legally valid reason for processing data. For now, the CCPA is a first step towards consumer privacy protection in the tech industry.

 By Madeline Person Attorney at Bridgehouselaw

No comments: