What is the CCPA?

US privacy laws

Mathieu

Mathieu

IT Law Specialist

Categories

Most Popular Articles

Subscribe to our newsletter

    For EU Subscribers | Privacy Statement
    For USA Subcribers | Privacy Statement

  • This field is for validation purposes and should be left unchanged.

The California Consumer Privacy Act of 2018 was signed into law by Governor Brown on June 28, 2018. The law is adjudged to be one of the toughest and farthest-reaching consumer privacy laws in the country. This Act which is billed to go into effect in 2020 will give Californians a new privacy right.

The act is a reaction to a developing issue that consumers need in order to effectively protect their personal information due to recent data breaches and related privacy incidents that have affected millions of Americans such as Equifax, Target and Cambridge Analytics.

Also, the CCPA enforces varieties of new requirements on businesses so as to achieve its aim of ensuring that consumers benefit from choice and transparency in the treatment of their personal information.

Governor Brown and the Legislature jointly agreed to speedily pass the CCPA in order to prevent expensive fight over a proposed ballot initiative, advocated by privacy activists that would have put even more severe measures before voters this November.

Therefore, an agreement was reached by the Legislature and other advocates of the ballot initiative wherein the advocates would expunge the idea from the ballot if the CCPA was signed into law by the deadline for such removal.

The provisions enshrined in this Act is balanced based on the fact that it seeks to benefit both a business enterprise and a consumer.

However, plans are underway about adjusting some sections which may not be consistent to provisions of the Act. It is therefore advisable for corporations to meticulously monitor later adjustments regarding the Act as well as the approval of conforming principles that can possibly affect the impact of CCPA on subsequent business transactions.

This article will explain in detail what the California Consumer Privacy Act of 2018 can do, how it’s provisions can be regulated and how the rights of customers are being defined.

What does the Californian Consumer Privacy Act

1. Discover Information Businesses Are Getting from You

The provision in the California Consumer Privacy Act gives every California resident the right to find out the type of information in which businesses are sniffing from you, through your electronic device or your child. You have the power to either accept or decline to give them your personal information.

Whenever a commercial entity retrieves your personal information especially if it is free of charge, the Act gives you the right to know the category of the information they retrieved from you, your child or even your device.

In the same vein, you have been empowered by CCPA to know who a corporation is selling your personal information to and the type of information they are selling.

Therefore, with this Act in place, you have the sense of ownership and that your personal protection is protected.

2. You Can Control Your Personal Information

With this Act, you can confidently say NO to selling your personal information without any form of discrimination. What he rightly means is that if you decline from selling your personal information, no corporation have the right to sue you or deny you of quality service.

Therefore, if you don’t want any company to sell your data, all you have to do is click on the link that says ‘’do not sell my data’’. After you have done this, be rest assured that the organization cannot keep your decision away from the privacy policy as they would be compelled to display it at the bottom of the page where they collect your information.

Immediately you inform them not to sell or share your information, they would not victimize or sue you for that because the law covers you. They will not change their mode of service to you or deny you of quality service. What this means is that this Act gives you full control over every personal information collected from you.

3. You Can Protect Your Personal Information

Provisions under the current California law reflects a breach in residents’ personal data. Thankfully, the CCPA has come to correct this anomaly by both protecting the right of the Californian resident or customer as well as the interests of businesses.

It may interest you to know that the California Consumer Privacy Act imposes fines when an existing law is being violated. This measure will, therefore, put businesses on their toe and make them more responsible in protecting the personal information of customers.

So, the provisions in CCPA gives you that sense of protection of your personal information wherein the law makes business corporations to be more responsible to do so.

How are CCPA provisions regulated?

The CCPA is designed to place boundaries on selected businesses as a way of ensuring that customers’ personal information is being protected effectively. For this reason, the CCPA covers any consumer who is resident in California and pays tax.

To further explain this, a consumer is regarded as any person who has a temporal base in California and is transitory or any person who is based in California but is involved in a temporal activity outside California.

With this, the CCPA covers you, provided you have a California personal information, irrespective of where you are located.

The information which is regulated is strictly ‘’personal information’’. This covers information that describes, identifies and relates to and be possibly connected to a certain resident or consumer. In this case, his name, social security number, educational information and full address will be required.

For other laws and regulations in California, this information may not be seen as being sensitive but CCPA considers it as very sensitive.

In the light of this, the CCPA will anticipate the execution of the Attorney General in interpreting the definition of the personal information, so that it can accommodate a broader term regardless of its restrictions.

Going further, it is evident that businesses are also regulated. Businesses here means profit-making organizations that collect customers’ data or those commercial entities whom customers’ personal information is being collected on their behalf.

It should be noted that these commercial corporations should have annual gross earning of over twenty-five million dollars.  In addition, they should have the capacity to either combine or single-handedly purchase and make sales of consumer and household products. Therefore, businesses that meet up with this requirement are covered by this Act.

Under the CCPA, corporations are compelled to furnish customers with a series of information through their websites and other avenues. The contents of such information can be – category of customer’s personal information, an avenue for customers to decide whether or not the corporation should remove their personal information and then, a notice if the corporation intends to sell personal information to another entity and if the customers wish to opt out of the deal.

Consumers under CCPA are empowered to request and get information that comprises – the type of personal information the commercial entity has retrieved from the consumer, where the personal information was collected as well as the purpose for which the information was collected.

The decision to decline the sale of personal information

CCPA provides that every consumer should be given the option to either sell or decline the sale of their personal information to other entities. Should in case consumers opt out, their information can never be sold unless they decide to allow it. In addition to this, the CCPA prevents businesses from requesting a reauthorization from a customer for twelve years after they have opted for selling their personal information.

As I mentioned earlier in this article, a customer has the right to decline sales of personal information by clicking the link which has a’’ do not sell my personal information’’ at the bottom of their website’s homepage.

Minors do have ‘opt-in’ rights. In this case, corporations may not have to sell personal information of customers that is if they are fully aware that the consumer is above age sixteen and if they haven’t gotten any direct consent to do so.

However, children between the ages of thirteen and sixteen are of the age to issue consent for the sale of their own personal information whereas children below the age of thirteen may be able to do so with the assistance of their guardians.

Therefore, any corporation that purposely neglects a child’s age will be seen to have an accurate knowledge of that child’s age. There is no provision in the CCPA which states a purposeful neglect.

Enforcement of consumer rights and penalties

Provisions under the CCPA has two basic ways for enforcement and recovery of consumer rights, whether it be commercial entity or individual. This is where the powers of the Attorney General are being exercised for the interest of the public.

On the flip side of it, corporations have the right and access to request and receive direction from the Attorney General on how to conform to the Act.

Attorney General Enforcement

The California Consumer Protection Act gives the Attorney General the onerous right to issue and execute civil penalties against corporations who go against the stated guidelines of CCPA; that is if the error is not corrected within a period of thirty days.

The mode of penalty could be in the payment of fine in the tune of two thousand, five hundred dollars for general default. Also, when damages are purposely done by businesses, it’s penalties can be in the tune of seven thousand, five hundred dollars for every damage done.

In it’s provision also, the California Consumer Protection Act, designed a Consumer Privacy Fund. It is called ‘’The Fund’’. The provision states that every penalty that involves the payment of fine recovered, twenty percent of it will be deposited in The Fund while the remaining eighty percent will go to the coffers of what led to the penalty.

The reason for creating ‘The Fund’ is to cater for any expenses incurred by the Attorney General or the state court that initiated the idea.

Receive Direction from the Attorney General

Like I did mention earlier that corporations have the right and access to request and receive direction from the Attorney General on how to conform to the Act. The reason for seeking the guidance of the Attorney General is to be clear concerning certain grey areas of the CCPA before it is implemented by the year 2020.

Despite the enforcement powers arrogated to the Attorney General, there is still no stated time frame in which he can respond to request from any party.

The Required Steps to Follow

The endorsement of the California Consumers Protection Act marked a turning point for privacy in the whole of America. Two factors necessitated the extension of the Act’s requirement outside the state’s enclave: they are the population in California, it’s size and the leading technology.

In order to ensure the efficacy of CCPA in the face of this challenge, it will be ideal to apply a strict privacy measure to occasionally evaluate same.

It is with this that we, therefore, suggest that corporations buy into the below steps in order to secure themselves from the much negative act that comes with CCPA.

The first step is – should in case there is no one in your corporation that is in charge of addressing requirements that are connected to personal information, then think of creating a responsibility for that purpose.

Secondly, find out if you retrieve, maintain or keep Californian personal information or if there is any individual or business you control that does like that.in this case, you need to really understand if the CCPA will work in your defense.

Another step is to construct a detailed contract term with network service providers who aid the sharing and management of customer’s personal information and make sure that the contractual agreement conforms with the policies and guidelines of CCPA, including protection from any likely error.

Conclusively, CCPA’s overall policy is not geared towards witch-hunting any entity but to ensure that the rights of every party involved are protected to the latter. It also ensures stiff penalties to defaulters.

© Copyright - Complianz 2019