Is the California Consumer Privacy Act of 2018 the American GDPR?

A ripple of fear always reverberates throughout the email industry when new legislation is passed that could limit the distribution of commercial email and the use of data. The California Consumer Privacy Act of 2018 (CCPA) is no different. Originally proposed as a statewide ballot by real estate developer Alastair MacTaggart, the core focus of the CCPA is to provide additional control over consumer’s data and how it can be collected, stored, and used by corporations. At the final hour, the state of California put forth a similar piece of legislation and MacTaggart’s bill was replaced. This legislation passed by unanimous vote in both the state’s House and Senate, and signed by Governor Jerry Brown on June 28, 2018.

This new legislation brings together several pieces of privacy law previously missing in the United States, but present in other countries. Companies will now need additional transparency regarding how they utilize the personal information of their clients. This includes things like the categories of information collected, its source, its purpose, any third parties accessing it and specific pieces of information the business collected about the consumer. The CCPA will come into effect on January 1, 2020, so businesses requiring time to update their processes and policies will have the next 18 months to identify the changes required to comply with this new law.

Does this all sound familiar? It should, thanks to all the recent news coverage of the General Data Protection Regulation (GDPR), which went into effect in the European Union 30 days prior to this law being passed. It’s even similar to parts of the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

This legislation targets five key concerns when personal information is collected:
  • Right to know what personal information is being collected
  • Right to know whether personal information is sold or disclosed, and to whom
  • Right to say “no” to the sale of personal information, including deletion of data
  • Right to equal service and price
  • Right to access their personal information
While this legislation has several similarities to GDPR, it’s not exactly the same.

Here are some important differences:

California is a driving force in the world of digital, and the potential impact of this legislation would cement many ideals of GDPR, the OECD privacy framework, and digital rights for consumers in America. With the fifth largest economy in the world, California gets to carry a big stick and drive changes forward in America.
“Fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information”

The CCPA also requires businesses to include an easy-to-find way for consumers to “opt-out” of data-sharing, and a link on a company’s homepage to a page titled “Do Not Sell My Personal Information.” If a consumer navigates there and requests his or her information is kept private, the business must suspend any selling of that consumer’s information for 12 months and obtain clear consent authorizing the sale of their data in the future (after the year is over).

The CCPA mandates a series of penalties for businesses, starting with referring intentional violations not resolved in a satisfactory time frame to the Attorney General ($7,500/per violation). The legislation also allows for limited class settlements in the case of data breach ranging from $100-750 per incident, following a grace period in which the Attorney General could take action first.
What does this mean for digital marketers?

It is time to evaluate your business’s data collection and usage needs...

Read The Full Article

0 Comments Write your comment

    1. Loading...