The CCPA grants new rights regarding personal information for California residents. But ![\"\"](\"https:\/\/berkonomics.com\/wp-content\/uploads\/2019\/10\/Data-protection1-300x157.jpg\")
more impactful \u2013 the law creates more and more duties for companies collecting data within the state (which is most everyone.)\u00a0 And of course, the fines are astronomical.\u00a0 Are we going too far in this process of protecting our personal data that many of its beneficial uses will be crushed?<\/p>\n
First, the limits upon companies<\/strong><\/p>\n CCPA will be imposed upon for-profit companies doing business in California with gross revenues greater than $25 million (whew) that buy, sell, or receive any of the personal information for more than 50,000 consumers, households or DEVICES (emphasis mine) for commercial purposes.<\/p>\n Devices? You\u2019ve got to be kidding.<\/strong><\/p>\n Here\u2019s something to think about just from my home: I have three Amazon Echo devices in various rooms, two Ring doorbells, \u201cHey, Google\u201d on five devices, \u201cOK Cortana\u201d on three, three smart TV\u2019s, one smart 4K player, three desktops and two laptops, two smartphones, and WHO KNOWS how much more. \u00a0Count two of us living in the household, and this law adds twenty-six (people and device) counts for our household. All collecting data when I type or speak (hopefully to not just near them.) By comparison, GDPR just addresses data collection and leaks with no count of sources. Now back to our story\u2026<\/p>\n What\u2019s covered?<\/strong><\/p>\n [Email readers, continue here… ]<\/em><\/span>\u00a0 \u00a0California is interested in protecting personal information that can be associated or linked with a particular person or household. (Think of the advertisements that follow you around various sites for days and weeks after you visit the first site and look for a product.)\u00a0 And, gee, if the information is already public (from legitimate data-gathering sources such as a census) than you and the companies are off the hook.\u00a0 But who relies upon up to ten- year old census data which has no IP addresses or email addresses?<\/p>\n The good news<\/strong><\/p>\n This new CCPA does not restrict a businesses\u2019 ability to collect, use, retain, sell or disclose a consumer\u2019s information that is \u201cdeidentified\u201d or aggregated.\u00a0 Whew again.\u00a0 Most of us create our data stores to identify trends both geographic and product-based, stripping individual contact data from the mix.\u00a0 (But I know of at least one airline that can tell its marketing people the name, address, and more about every single ticket sold during the past ten years.\u00a0 Billions of records to track your travel preferences.\u00a0 But I digress.)<\/p>\n What does a business have to do (above GDPR notices?)<\/strong><\/p>\n How about youth under 18?<\/strong><\/p>\n Of course, CCPA protects children under 18 by strictly prohibiting the sale of any information containing data from this group.\u00a0 So, do we have to ask on every form the age of the viewer?\u00a0 Umm. Yes.\u00a0 And consumers may request deletion of their stored information (subject to certain limitations.)\u00a0 Now, there\u2019s an opportunity for a new industry of \u201cdata deleters.\u201d\u00a0 If Facebook can hire 3,000 people just to check for false or fake postings, how many will they need to hire for responding to requests for deletion of data?<\/p>\n Penalties for data breach?<\/strong><\/p>\n How about $2,500 for EACH violation (that means individual or device if unintentional, or $7,500 if intentional?\u00a0 The grand \u201cout\u201d is that businesses have thirty days to cure the offensive act after receiving official notice.\u00a0 That sounds great if the cure is related to the process and not to any previously acquired data.\u00a0 If the latter, the cure will be almost impossible to address in such a short period, if ever.<\/p>\n What\u2019s the conclusion?<\/strong><\/p>\n Most of know that we are giving away personal information in return for convenience, free access or free use.\u00a0 Especially our younger consumers know this and are comfortable with the trade, considering it fair.\u00a0 So, are we going too far with CCDA?\u00a0 Well, this is much more geographically restrictive for a few (but not for any businesses collecting customer data over the Internet.)\u00a0\u00a0 We\u2019d all like not to receive so many unsolicited ads via email, placement on pages we visit and now even invading our texts.\u00a0 But we\u2019d also like to keep our favorite sites free to use (including Google search and millions of aps among the many that will be impacted.)<\/p>\n Very soon, you will need to make that decision again and again as you visit those sites and aps that you want and need.\u00a0 It\u2019s like a pendulum: We once had free access without realizing the data dissemination quid pro quo.\u00a0 Now we\u2019ll know and control more but pay the price if we opt out by receiving much less useful information in ads and perhaps considerably less free ap and site access.<\/p>\n Which will you \u201cvote\u201d for when asked?<\/p>\n And here’s a final something to think about. The law now states that covered companies must have $25 million in revenues AND collect data from 50,000 or more sources.\u00a0 What if in the future, California or some other state substitutes “OR” for “AND” so that small businesses collecting data from at least 50,000 sources (remember that I have 26 people and devices in my home)?\u00a0 \u00a0Now, how much are you concerned by this issue?<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" On January First, 2020, California will enact the toughest data protection laws ever, far outpacing Europe\u2019s General Data Protection Act (GDPR.)\u00a0\u00a0 Called the California Consumer Privacy Ace (CCPA), few of us are even aware of this and need to know.\u00a0 … Continue reading ![\"\"](\"https:\/\/berkonomics.com\/wp-content\/uploads\/2019\/10\/Data-protection2-300x213.png\")
Now, businesses gathering data in California must inform consumers about what personal information is being collected and its intended use.\u00a0 Wow!\u00a0 Let\u2019s hope this is not buried in one of those 2,000-word EULA\u2019s we all agree to by scrolling down to check the box. \u00a0\u00a0And businesses must offer an \u201copt out\u201d option to all consumers.\u00a0 Here\u2019s a question: How many consumers will confuse this with \u201cunsubscribe\u201d and decimate our good mailing lists?<\/p>\n