As I sit in my office here in San Anselmo, CA on January 2, I am probably among a handful of California residents who have any clue what CCPA – (California Consumer Privacy Act) means.
And frankly, while I may be well informed, that is really only a relative term. We at Localogy have spent considerable time following CCPA (which took effect yesterday) and the implications of the new law. And if you attended Place ‘19 in Austin, TX, last October, you would have learned about the consequences for companies that operate websites and sell customer information.
To be covered by CCPA, a company must meet the following tests:
- Generates more than $25 million in gross revenue
- Collects data on more than 50,000 people, or
- Rely on consumer data sales for more than 50 percent of revenue.
This write up offers a pretty thorough summary of the new law’s key provisions.
In a very practical sense, CCPA should make consumers feel more comfortable that their personal data is not being shared around the Internet at their expense and without their explicit knowledge. All well and good, but I am not sure how many of the estimated 39.8 million residents of California have any idea what has changed with the new law.
As this summary of new California laws that went into effect at the same time as CCPA reveals, many residents of California will not place CCPA at the top of their list. Instead, laws around the minimum wage, gun rights, medical procedures, food handling, and drone surveillance are likely to get more attention from the “average” California resident.
But in our world of local and the Internet, CCPA is, of course, a very big deal. And the law is seen as a bellwether for federal legislation, whenever it comes. November, Microsoft announced that it would essentially be applying CCPA on a national basis. They clearly want to put themselves in a leadership position and at the forefront of addressing privacy concerns, while by contrast, Facebook argues that it does not need to change anything because it does not technically “sell” personal information.
Here’s what seems certain to me.
- Most residents of California have no idea what CCPA means or how it affects their day-to-day lives.
- The world’s largest technology companies will seek to craft their own narratives around privacy. Some will lead with transparency, while others will use lawyers and lobbyists to argue their positions and achieve maximum advantage.
- Thousands of companies will comply with CCPA, and it will largely be a “nothing burger”.
Here’s a screenshot of my first opt-out. Kudos to Slate for making it super easy.
3:20 – 4:05
The Evolving Role of the Chief Data Officer Privacy and CCPA
The world of data is changing daily. With companies collecting volumes of data about customers and consumers and policymakers working to protect them, the age of data without borders is over. Now companies will have to comply with state laws – namely CCPA and potential federal law. That means the Chief Data Officer role becomes a top position in any organization – necessary to interpret the laws, implement data security procedures and navigate an increasingly complex set of requirements. In this session, we’ll hear how one company is tackling this super important topic and what advice they have for others.
Michael Signorelli, Venable LLP