At the stroke of midnight on Jan. 1, a new law went into effect that is aimed at protecting consumer information from big companies; with more and more social media users concerned about how their data is being used, this California-based law could be a model that leads to more widespread change across the country.
The California Consumer Privacy Act (CCPA) is now live and its purpose is to hold more companies accountable for how they use consumer data. One of the most notable companies to have problems in this area is Facebook.
Early in December, over 267 million Facebook users’ information was exposed in yet another data breach. According to CBS New York, on Dec. 14, it was found that the names, phone numbers, and Facebook user IDs had been compromised. This was not the first time. In March, CBS reported that the social media giant also confessed that for years, many of their employees could read user passwords in plain text.
According to CNET, when it comes to social media companies like Facebook, Twitter, LinkedIn, and others, the CCPA would limit the amount of data they can collect and may provide incentive for them to be more clear on how they use this information.
According to Yahoo, the bill also creates a host of new legal obligations for companies that share, collect and sell the data of more than 50,000 people and generated revenue of more than $25 million in the preceding year. This factor means that the law goes beyond big tech companies like Facebook and would also apply to companies like Home Depot and Walmart that use loyalty cards.
“The CCPA always started as a, basically, a private [Freedom of Information Act] request, so that you could go to a business and actually find out, not in legalese, but in plain English, what they are collecting about you,” Mary Stone Ross, a cybersecurity expert that helped CCPA, said.
Consumers will have the ability to opt-out of having their data shared and they will have access to information on how these companies use their data.
The main stipulation is that all the companies and consumers have to be based in California. But according to Yahoo, several companies have come forward and vowed to expand these California-specific protections to customers across the country.
“In order to provide a consistent experience to all of our customers, we plan to provide to all of our U.S. customers the data access and data deletion request processes that we provide to California customers under CCPA,” an Amazon spokesperson told Yahoo.
Microsoft, Apple, and Google have also expressed interest in giving these protections to consumers across the U.S.
Some companies fear the new law would be confusing to consumers and cause an unnecessary burden to many businesses. Some believe the CCPA does not do enough to protect consumers. Yahoo reported that individual customers would not be able to go toe-to-toe with companies they feel violated the law; the California Attorney General Xavier Becerra would have to determine whether or not to take action, for which Becerra would then pursue.
Becerra has said that he would only be able to handle three CCPA cases a year, but consumers do have the right to sue companies on an individual basis.
It is unclear if other states will follow suit, but what is apparent is that with many concerns about consumer privacy and data usage growing, the CCPA is a major milestone that may lay the groundwork for major change.