California's Consumer Privacy Act has taken effect, bringing GDPR-like data protections...


Posts: 2,791   +571
Staff member

In 2018, the state passed the California Consumer Privacy Act (CCPA), which lays out many GDPR-like data rights for consumers. For example, users can request a copy of all the personal information a big tech company has collected about, order the deletion of said data, or demand that the data not be sold.

Compared to the data privacy protections US consumers have enjoyed up to this point (which are scant), the CCPA represents a significant step forward. However, it should be noted that it still isn't quite as strict as the GDPR.

For example, CCPA fines cap out at $7,500 per intentional infraction ($2,500 for accidents). In contrast, GDPR fines can go up to 20 million pounds or four percent of a firm's annual revenue (whichever is higher). Further, the CCPA will only be enforced against businesses that meet certain criteria. For a company to be affected, they must collect data on more than 50,000 consumers, earn gross annual revenue of more than $25 million, or earn 50 percent (or more) of their revenue from the sale of consumer data.

A few limitations aside, the CCPA officially took effect yesterday, which was January 1, 2020. Though the regulations technically only protect California residents, at least a few prominent tech companies will likely apply the rules to their entire userbases (as many did with the GDPR). Indeed, Microsoft and Mozilla have already pledged to do so.

There are a few possible reasons for that decision, but generally speaking, it's easier for giant corporations to apply these sorts of rules universally instead of selectively enforcing them. As an added bonus, a company that does decide to go that route will probably earn itself some positive PR.

If you have any thoughts on the CCPA or data privacy in general, feel free to sound off in the comments.

Masthead credit: Shutterstock

Permalink to story.



Posts: 542   +190
Unfortunately Europe and California haven't gotten the point. Instead they are protecting income (and presumably tax) streams at the expense of the consumer.

Having the consumer be responsible for protecting their privacy by requesting/demanding information from the companies is exactly the same as telling rape victims they have the right to pecuniary recourse from their assaulters and the government will help collect it except for smaller assaulters and those who cooperate of course.

If the law does not state the companies collect nothing, trade nothing, sell nothing, own nothing about the consumer without the consumer's legally advised and written permission, then it's still rape.

Uncle Al

Posts: 7,981   +6,750
No matter how you look at it, it is a start ..... let's just hope they build on it in the NEAR future!


Posts: 542   +190
It's politics at it's least expensive for Google. e.g. "How much do you need to tamp this down so the revenue stream change is minimal." Outside of Bezos, few people really understand what an income stream of billions per month really means. There are about 130,000 California homeless. Unless I've dropped a decimal, 2 Billion per month for Alphabet means, Google can build 300,000 dollar houses for each of the 130,000 California homeless in Arizona, create mortgage payments of about $1500 for each house, pay the mortgages, and still only be losing 10% of their monthly income.
Politicians are cheap. This won't be built upon. It will be merely touted as a success for the elected and everyone else continues to lose.


Posts: 332   +595
Ahahaha I SO want to see the faces of American companies' execs now, who back in the day "solved" the GDPR problem with a mass Geo block for European visitors. I guess they gotta get off their lazy @sses now and actually comply for once.