The CCPA - Another Californian success story or flop?
<hl>These things have to happen to Make the CCPA a Privacy Success Story.<hl>
On January 1st 2020, we not only welcomed a new year and decade but a new US legislation on online privacy as well, with the California Consumer Privacy Act (CCPA) officially coming into effect.
The CCPA is considered the strictest piece of US legislation on online privacy. Notable sections require companies to disclose any collection of personal data, particularly when asked to do so by the user (but not only) and to delete such information upon request. Generally speaking, businesses that comply with the GDPR are likely to meet the standards set by the CCPA, but for many companies that are doing business in California, this marks a major change in approach.
Laws that once promised a great deal ended up delivering very little. For the CCPA to be all that it can be, certain elements must come together at just the right time. Here are a few worth discussing:
Knowledge is Power: The Critical Need for Broad Communication & Education
One of the largest issues with the legislation, similar to the GDPR, is the lack of understanding from businesses on how to be compliant and consumers on how this impacts their rights. If companies are largely at odds in their interpretations of the law – rest assured consumers are likely left in the dark. For the new legislation to be a success, communication and education need to be standardized and applied not only on the business level but the individual basis as well.
We can already find many resources instructing businesses on how to approach the new law, yet we barely see any educational efforts directed at the average Joe and Jane. Of course, communication is a two-way street. While there need to be more tools and information available to the public that can be easily understood without the need for a law or business degree - the public must also take it upon themselves to participate in the discussion. Only then can we break down the barriers often associated with legal jargon and allow people to fully understand their rights under the CCPA.
Strength in Numbers: Why the Public Needs to Keep Data Ownership Trending
Online and offline discussions encourage people to demand fair treatment of their data and make sure that laws such as the CCPA aren’t ignored now that they’re officially enforced since the 1st of July 2020. Without these public debates, the new law might be eventually forgotten, with a ‘slap on the wrist’ fine reported on the news every now and then, but no more than that. Naturally, big tech companies are paying close attention to how the law is being put into practice, with some taking the necessary steps to be compliant even before the law came into effect. Microsoft, for example, announced that the company would extend the law beyond California and honour it throughout the US.
Several initiatives have emerged to fuel this momentum while also hoping to keep people better informed and motivate the public to continue down this path towards a positive change. A few good examples of this are initiatives such as the Future of Privacy Forum and The International Association of Privacy Professionals (IAPP) - both designed to not only provide helpful information to the public but act as a platform to continue these relevant discussions at leading industry-related events and conferences.
United We Stand: Federal Law Must Follow
Microsoft’s move is commendable, and while the CCPA is a significant steppingstone, the legislation is still a state-level law. Even though Silicon Valley is a strategic location for companies, to make a real impact - it needs to be embraced on the federal level as well. We’ve already seen talks of nationwide legal efforts surface, such as the Consumer Online Privacy Rights Act (COPRA) that was introduced in late 2019 which, if comes to fruition, would be a major victory in the data ownership battle in the US. COPRA promises to provide further protection to digital consumers. It includes the establishment of a digital privacy rights bureau within the Federal Trade Commission. There’s every reason to believe that between the GDPR, CCPA and COPRA, businesses around the world will finally learn to take data ownership seriously.
Leading by Example: Tech Sector Support
Knowledge and regulation are a great start, but for society to take back ownership over personal data, we need an eco-system wide response. Who better to lead the effort than the industry at the centre of the debate – technology. More tech companies need to lead by example such as Microsoft or Mozilla Firefox, who is offering the CCPA protections to all users in its latest version of the web browser. Moreover, we not only need the right technology companies to follow suit but the right products at our service. Many feel that data management – whether on the business or consumer side - is simply beyond their power. The combination of legal accountability, public awareness and strong technology will not only make data ownership possible - it will make it easy for everyone.
Looking Forward: Privacy, People & Progress
As people become more educated and empowered, businesses will follow suit and take data matters more seriously. So much so that perhaps it won’t take years of legislation to bring additional change. While existing laws are still far from living up to expectations, we shouldn’t become cynical about reclaiming our data through regulation just yet. It’s exciting to see laws like the GDPR and CCPA make it through the obstacle course of legislation and lobbying, all the way to the daily reality of billions of people. That’s how modern revolutions are created. The public climate is just right for a law like the CCPA to bring meaningful change, but we all have to be part of the process.