Articles

The Impact of California’s New Privacy Law

Wednesday, February 5, 2020

Over several years, ordinary Americans have increasingly wondered if they’re being surveilled online. For certain they’re followed — websites visited, items shopped, photos and messages collected by third parties. In California, home to Silicon Valley, the voting public demanded protections. 

The California Consumer Privacy Act (CCPA) that passed in 2018 and took effect Jan. 1 is often compared to its European forebear, the General Data Protection Regulation (GDPR). Both affect businesses and citizens outside their borders and both respond to the growing threat posed by personal data collectors, as well as hackers and cyber attackers.

The California digital privacy law is the nation’s first piece of legislation meant to empower consumers to gain control over how their personal information is used online — maybe even monetize it.

By the broadest definition, California’s new privacy law empowers Californians to ask companies for a rundown of the information it has collected about them, and the third parties it passed the information to. Further, companies must allow consumers to choose not to have their data shared with third parties, so if they collect data at all, they now must sift that data according to individuals’ privacy controls.

All companies? No. The California digital privacy law is meant to apply to popular platforms we use every day — Facebook, Google, Yelp, Evite, etc. Here are the thresholds that compel companies to comply:

  • A company must generate more than $25 million in revenues annually.
  • Companies must have collected personal data on at least 50,000 people.
  • Companies must collect more than half of their revenues from the sale of personal data.

Still, companies that meet any of these qualifications and do business here do not have to be based here to come under the law. As a result, the implications of California’s digital privacy law (like its European Union counterpart) is truly global.

Microsoft, for one example, said it would apply California’s data privacy law changes to all its users in the United States rather than treat the Golden State as a special project.

EU, California Privacy Law, Compared

The differences between California’s new digital privacy law and the EU’s GDPR are roughly as profound as their similarities. 

  • The California data privacy law expands the European definition of what constitutes private data to electronic files — audio, visual — and others.
  • The GDPR challenges companies to provide a compelling “legal basis” for collecting personal profile data; the California privacy law presumes such data isn’t always harmful and affords individuals control over specific information a company collects.
  • The California privacy law excludes electronic health records (EHR) because it is protected elsewhere in state law.
  • The GDPR elevates requirements around cybersecurity and breach response; it provides for the appointment of data protection officers and regular Data Protection Impact Assessments.
  • The California data privacy law does not obligate proactive and progressive structuring; companies may not even report breaches, but, if consumers lodge credible complaints, the companies may be sued under the law.

Finally, Californians may request companies bound by the 2020 California privacy law to delete all their personal data. As the Wall Street Journal reported, websites with third-party tracking are supposed to add a “Do Not Sell My Personal Information” button that prohibits data collected from consumer inputs from being sent to any third parties, including advertisers.

Both the EU and California digital privacy laws arrive at a time when people are living out their lives online less like game avatars and more like citizens of a virtual city square, complete with commerce, personal interactions and social organizing. Questions around security are being raised just as they would if a small city suddenly had no police officers or firefighters. 

That security and protection actually begins back “IRL” with our internet connection. Back at home, people are investing in connected security cameras and doorbells, and Wi-Fi protection. 

A new market

One potential boon of the California data privacy law is it may trigger a new market for consumer participation in data collection.

California’s new privacy law may create a market for data used to micro-target messaging. Already, the social media giant Facebook is collecting data even on third-party apps to fill out user profiles (without their knowledge), to flesh out shopping habits and glean political inclinations. This is increasingly important to marketers, retailers and campaigners. Facebook profits, whether it sells such data or not.

In 2020, the California data privacy law may yield discounts on products or services for consumers as consent to let their data be collected or sold to third parties — a kind of “finder’s fee” for consumer data points. Of course,  consumers may say yes to some information — preference for Under Armour sportswear — and no to geo-targeted location information and facial recognition data. 

Under the California privacy law, Californians may also obtain the inferences a company makes about individual data sets, conclusions about a consumer’s behavior, attitudes, activities, psychology or predispositions.

California’s new privacy law may stir copycat legislation in other states, or federal legislation. Recently, the state of Washington introduced a comprehensive privacy bill of its own. Now, Capitol Hill has begun exploratory hearings on a federal package of privacy laws. This would ease the burden on the business of wide-ranging state privacy acts. According to one think tank, it would bring statutory compliance under one jurisdiction, and it could aid the competitiveness of U.S. corporations struggling to meet GDPR standards.

One security expert is advising California companies big and small to update their privacy policies and create processes for retaining copies of any personal information collected about consumers.

Digital Assets, Personal Protection

Our online lives are valuable to others — marketers, hackers, consumer businesses. The effect of the California data privacy law will be to raise awareness of this fact and increase protection from businesses who see customer trust and comfort as a competitive advantage. 

Homeowners should give their own home network connection the same protection. Kinetic Secure provides endpoint as well as gateway (modem) security and enhanced parental controls such as removing devices from the network, setting screen time limits, even bedtimes, and monitoring and excluding individual sites. Users manage Secure from the convenience of an app.

This partnership ushers Kinetic customers into Wi-Fi network security that’s as reinforced as Kinetic Gig Internet is fast.

In a beta test customer survey of features, security ranked first among Kinetic users, followed closely by identity theft protection from partner Credit Guard and 24/7/365 technical support with Whole Home Agent.

Wi-Fi network security may become the next favorite target of cybercriminals. Let’s make it a tough one to crack. Take that security on as a responsibility no different than insurance or retirement planning. And, like those, we would do well to seek professional help from a trusted source — a service provider like Kinetic by Windstream that sees in us an investment as precious as the one we see in our own homes.