The California Consumer Privacy Act took effect this month, offering California residents unprecedented access to, and knowledge of, the personal on them data businesses collect. The law applies to companies with consumer customers located in California, and could affect all U.S. consumers, and a large number of tech companies.
Companies are offering mixed responses thus far. For many, identifying all the residents of a particular location is difficult, so they offer the benefits provided under the new regulations to most, if not all, of their customers. Microsoft, for example, extended protections provided by the law and Europe’s General Data Protection Regulation to all its U.S. users.
Many large tech companies updated their consumer policies to comply with the CCPA, and to prepare for future laws. Twitter debuted a privacy center, offering users information on the company’s approach to the law, and a dashboard where they can decide the types of personal data the platform can use for ad targeting.
Google blocks websites from transmitting data to the company, which users can control through an opt-out add-on. Other businesses are turning to outside firms to develop online forms where consumers can choose how their data is used.
Some companies, such as Facebook, have been slow in making changes. According to a recent Fast Company article, the media giant, which implemented GDPR globally and allowed all users access to previously shared data, stopped short of letting customers choose whether their information can be sold. It uses pixels to track user behavior on websites, but holds the websites themselves accountable for privacy protection. These policies may be penalized by the CCPA; if not, they may conflict with future regulation.
Many of the changes to data privacy standards only apply to Californians, but more regulations will likely follow, according to a recent article in Wired. Nevada and Vermont have their own privacy protections, and other states including New York are working to set their own regulations.
The CCPA is putting pressure on Congress to pass national legislation. In the meantime, more states will likely follow California’s example, forcing companies to address consumer privacy sooner than later.
Companies will need to invest heavily in consumer privacy protection to meet CCPA standards and future regulations. A recent article in Slate estimates businesses will collectively spend $55 billion in the short term to meet current requirements, and an additional $16 billion over the next decade.
Lawsuits were filed against the law, and are winding their way through the courts.
