The California Consumer Privacy Act (CCPA) officially went into effect yesterday, giving Californians more control over the destiny of their data.
Here’s how the law works:
Companies with customers in California will be required to provide consumers with an option to opt out of data collection.
The law gives California internet users the power to request that any data collected from them is deleted — and mandates that companies continue to provide free services to customers who opt out of data collection (although it does allow companies to offer more limited service to data dodgers).
The law applies to any company with California customers that:
- Makes $25m in annual revenue
- Holds information about at least 50k people
- Earns at least ½ its money selling CA consumers’ info
So, why is this such a big deal?
Although concerns about corporate data collection have been growing for years, the CCPA is one of the first major consumer data protection policies to go into effect in America.
And because many large companies like Facebook and Google will be required to build out new transparency tools to comply with the law, the CCPA’s impact will extend beyond the Golden State.
Some companies — like Microsoft — have already announced they will make data available not just to Californians, but to all of their customers.
And since California is often a leader in passing new regulations, it is likely that other states will follow its lead.
But rollout of the law will be a bumpy process
California’s attorney general will be responsible for taking non-compliers to task. But the attorney general’s office will be able to handle only a limited number of cases per year.
The AG has set a date of July 1 to finalize the specific requirements for companies.
The law is expected to cost some businesses as much as $100m.