Will California’s Consumer Privacy Law Impact Data Privacy?
California’s new data privacy law, formally called the California Consumer Privacy Act (CCPA), is in many ways very similar to the the EU’s General Data Protection Regulation (GDPR). Its primary intent is to protect residents from the threat and damages of data breaches.
It’s Not Just California That is Passing Strict Data Privacy Laws
California is leading the nation in enacting data protection regulations that other states will soon follow. This is no surprise as California is often a trend setter for change – socially, politically and technologically. Also, California is home to over 12% of the US population, and, also many of the largest technology firms in the country and as such may be more sensitive to data privacy issues than other states. In a less publicized, but equally important move, Vermont passed a data broker law in May of this year that regulates data brokers that buy and sell personal data. The legislation adds accountability to the large data brokering companies that have historically operated with little oversight. This law is meant to protect Vermont residents from suffering a data breach like the massive Equifax breach last year that exposed 145 million individuals’ personal data. The Equifax breach among many others has eroded public trust in companies that capture and use personal data.
Stronger Data Privacy Legislation Will Help Restore Badly Eroded Public Trust
The recently enacted regulations in California and Vermont are consumer focused and essentially declare data privacy as a civil right, rather than as a by-product of the business of using and selling personal data. These kinds of regulations are beginning to have wide spread impact on how companies interact with customers and are a step in the right direction for consumer transparency, security and privacy. Transparency of process and procedures as well as communication about where a consumer’s data goes or what it’s used for is required to restore trust in technology companies. Allowing people to opt out of having their information used for purposes they do not intend will bring a better understanding and trust to technology and data-driven companies.
We Need to Move To National (and International) Data Privacy Standards
My sense is with the publicity of all the data breaches over the last few years, many people are more saavy about how their data is used and exploited. In addition, we are finally realizing the cost of “free” services can be significant. The idea of services in exchange for handing over your data with no questions asked is no longer enough, users want more control over their data and how it is used and how it is shared. This awareness will ultimately drive national data privacy standards across all 50 states rather than a piecemeal state by state approach that is occurring around the country. Without this, the cost of compliance in the US will grow to unacceptable levels. Ultimately, we’ll see stricter privacy regulations across the entire globe.