Cart ()

California’s Consumer Privacy Act Seeks to Overhaul Online Data Rights

California’s Consumer Privacy Act Seeks to Overhaul Online Data Rights

As Silicon Valley’s power becomes one of the top talks on Capitol Hill, members of the tech establishment could see their predatory reign dwindle. 

“We need to put some rules of the road in place and not with a heavy hand,” once argued Sen. Mark Warner, a known big tech critic and current Vice-Chair of the Senate’s Intelligence Committee. “There are ways we can even look at industry-based standards and industry-based regulatory bodies as the first step, but the wild, wild west days of Big Tech are over — both from a consumer standpoint and from both political parties.”

There’s no better symbol of this anti-big tech bipartisanship than 2018’s California Consumer Privacy Act, one of the toughest data privacy laws ever established within the United States of America. Under the bill, companies which store large amounts of personal information will be required to adhere to new pro-consumer data rights, such as allowing them to see, delete and stop the sale of the personal information to the highest bidder without a phony exterminator’s fee. The law officially takes effect on January 1st, 2020.

According to a new report from The New York Times, the new law specifically applies to for-profit companies operating within California — the golden state for all current Big Tech business — which maintain a database of upwards of 50,000 users or reach $25 million in revenue. Just as this threshold will affect the mainline tech giants — such as Google, Facebook, Apple, Amazon, and all ISPs — it will also apply to relatively small retailers too. While it’s hard to argue that consumer rights suddenly become invalid past an arbitrary number, at least the law tries to be indiscriminate between large companies while acknowledging the limitations of the many smaller start-ups.

The law could stick a serious knife in the practice known as targeted advertising, where social media giants charge third-party clients for “personalized” ads which better target users by using data collected from their users. If you’re paranoid your phone might be spying on you own calls, recording your own texts and bots understanding your own pattern of online à la  big brother, just know that fiction and reality aren’t so far apart. Just swap totalitarian government observation for a more simplified price tag on your digital footprint and shopping habits. If knowledge is power, it’s a profitable power indeed.

Considering our prior report on how the tech industry was trying to lobby and fund operations to get the law canned, any damage to their bottom line is their obvious concern over the public’s common good. Nevertheless, it hasn’t stopped these companies from trying to appear ethical, even if it’s all just theatre. “We are ready for its arrival,” Facebook wrote in a statement, despite being the key leader in the anti-CCPA fight, “in part because we’ve made long-term investments across our products to help people everywhere easily manage their privacy and understand their choices with respect to their data.” 

This is quite ironic since the law actually credits its inspiration to Facebook’s Cambridge Analytica fiasco, which resulted in 87 million people worldwide having their data harvested without their knowledge for targeted advertisements, specifically to help President Donald Trump’s 2016 campaign. A key factor being their lack of investment in data privacy. “As a result, our desire for privacy controls and transparency in data practices is heightened,” reads the new bill. The scandal led to multiple government investigations and a $5 billion penalty, which is a drop in the bucket compared to their $55.8 billion in revenue that same year. 

While nearly a dozen other states have tried their hand at offering similar data rights, California’s bill is the most important milestone due to its governance over the actual Silicon Valley area. While this is reasonable speculation, the results could just as easily trickle down across state and country lines as the new norm, forcing these companies to be consistent worldwide to avoid California’s wrath or show their hand as unethical data merchants ready to sell you out, likely to spark worse regulatory pushback. It depends on whether the public can hold the line of accountability.

Thankfully, the CCPA does account for factors that were neglected even by the European Union’s pivotal GDPR laws, such as a prescribed, toll-free phone number to actually contact the company of choice and notable exceptions to the right of access and delete. The European legislation, on the other hand, recently made serious contradictions in how it handles these exceptions, such as whether defamation is either public information or personal information, or whether such information must be deleted worldwide, not just within nation-state lines. 

Fines under CCPA also go as high as $7,500 per intentional violation, which could turn that measly $5 billion fine from the FTC into a hefty $650 billion national disaster. Would any company take that risk? Or would they have to adapt, staying competitive without trampling over user liberties? 

“California is a good first step because it has some very important rights built-in around user control,” noted Julie Brill, Microsoft’s Chief Privacy Officer, in a statement to the Times. “But too much of a burden has been placed on individuals … We need to ensure that companies share the burden to protect individual data in the United States. That means things like requiring companies to assess the data that they have and to make sure that they’re adequately protecting it. It should include privacy by design. Good stewardship requirements should also include principles like data minimization.” 

Or better yet, potential anti-trust break-ups, decentralization and other anti-Big Tech methods being considered even by controversial competitors like Twitter. It’s only once the mandate takes hold that these companies will have to decide.