California’s 2020 Privacy Laws
California is known for its breezing palm trees, endless summers, towering redwoods, and eclectic cultures. But another, perhaps less obvious characteristic of the Gold Rush State is its progressive stance on Consumer Protection. Working neck-deep in regulation and statutory law for the past 15 years I can tell you that California sets precedences; any movement by this behemoth sends shockwaves across the global markets.
With 1 in 8 US citizens residing within the Golden State (approx. 40 million people), CA’s recently enacted privacy bill will likely translate to required changes to your privacy practices either through direct statutory mandate or changes may be prompted due to a contractual mandate enforced by a third-party partner\ vendor you currently do business with.
Our goal is that you gain a general understanding of what CA’s privacy rights may mean for you. Within this short read, we will cover the five rights that went into effect this year and include key takeaways that businesses and consumers should be aware of concerning these rights. We also encourage everyone to read the full text of The California Consumer Privacy Act here.
January 01, 2020, California’s Consumer Privacy Act went into effect giving Californians greater control over their personal data. Californian’s shopping habits, names, locations, and browsing habits are now being closely guarded by the 5th largest economic power in the world.
For decades consumers’ personal information has been collected, bought, and sold as a commodity to the highest bidder. Some have called this the digital gold rush, a gold rush that has gone largely unchecked. Popular platforms like Facebook, Google, and Snapchat have been guzzling consumer data and making a lot, A LOT of money off of it.
Nefarious stories, such as the debacle involving the data-mining firm Cambridge Analytica has caught the attention of lawmakers fueling their mission to reign in data collection practices and privacy rights. California’s approach to data privacy, likely influenced by GDPR, aims to arm its citizens with five rights over the collection and use of their data.
California Privacy Rights Highlights
We will now cover the five rights below, if you are a business owner you will need to ensure your practices comply with CA requirements as of 01/01/2020.
#1 The right of Californias to know what personal information is being collected about them.
Key Takeaway: Businesses must clearly and conspicuously tell consumers what personal information is being collected. This notice must be provided before or at the time of information collection. A business is not permitted to collect the data first and then tell the consumer what is being collected.
Most companies leverage their online privacy policies to communicate this information.
#2 The right of Californians to know whether their personal information is sold or disclosed and to whom.
Key Takeaway: Consumers have the right to ask the types of third-parties businesses share their personal information with, consumers also have the right to tell businesses to delete their personal information and not to sell it.
#3 The right of Californias to say no to the sale of personal information
Key Takeaway: Businesses must give consumers ways to opt-out of having their personal information sold or shared with third-parties. Once an opt-out request is received the business must honor the request.
#4 The right of Californians to access their personal information
Key Takeaway: Businesses must offer consumers ways to request copies of the personal information collected about them. The information must be provided free of charge within 45 days of an information request.
#5 The right of Californians to equal service and price, even if they exercise their privacy rights
Key Takeaway: Businesses can not refuse to provide a consumer service or increase the cost of service simply because a consumer chooses to exercise their privacy rights.
Although the CCPA is the most extensive privacy law in the US many advocates argue the Act does not provide enough protection. Unlike GDPR which encompasses all businesses that handle consumer data, the CCPA applies only to businesses with gross revenue over $25m, customer bases greater than 50,000, or businesses whose revenue is 50% or more based upon user data.
Those who are subject to the Act and are caught engaging in willful/intentional non-compliance can face fines of $2,500.00 to $7,500.00 per violation.
California’s move to wrangle in data collection and consumer privacy has sparked the flame in other jurisdictions, Wisconsin, Washington, Massachusetts, and New York are working on similar legislation. If you can’t find the time to stay up-to-date with all of the movement within this space; check back into our blog from time to time to capture pertinent updates.
Concerned about your business’s privacy practices? Contact us today, we’re ready to discuss!