The latest high profile consumer privacy regulation called the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. As a result, social media and various publications have been buzzing about the new regulation including users’ experiences.
As background CCPA is trying to give consumers more control over their data including how companies can manage it including selling data. That includes allowing consumers to request access or deletion of their data from companies. Along with expressing if they would like companies to not sell their data.
Under the new law companies that need to meet CCPA regulations include the following: (1) generate $25 million in revenue, (2) have more than 50,000 consumer records in your database, or (3) derive more than 50% of your revenue from selling consumers’ personal info.
After reading these insights I believe everyone can agree the CCPA has empowered the people to take control of how companies capture, store and manage their data.
So, here are 3 initial insights after one full week of CCPA:
CCPA Is Huge On Social Media
CCPA is having a larger social impact than anticipated. While many companies seem to be prepared for CCPA, it does seem like a lot of companies are either not prepared or are taking that stance of none compliance. The most surprising impact of CCPA has been the groundswell of regular people fully documenting their experiences with various brands in regards to CCPA.
California citizens on their own are creating repositories to make it easy for others to submit data access & deletion requests such as this one here.
Also, individuals are documenting how huge companies such as Facebook or OpenTable are simply denying consumer requests for access or deletion of their data. for now, as seen below.
Here is an example of OpenTable denying a do not sell request from one of the co-authors of CCPA Mary Stone Ross also on Twitter @MarySRoss18:
my request to @OpenTable just got denied. and yes, “*California law treats disclosures of personal information to third parties as “sales” where the disclosure involves monetary or other consideration, even if no money changes hands.” this is now the law in CA, no asterisk needed pic.twitter.com/sOjI9bXItT
— Mary Stone Ross (@MarySRoss18) January 2, 2020
Here is an example of a Twitter user @ampersand_ie reporting back on Facebook denying deletion requests under CCPA:
Update: so my request got denied? basically Facebook just gave me a generic response saying they can’t delete any of the data they’ve collected on me and if I want it deleted I should just delete my account lmao🖕🏼#CCPA pic.twitter.com/EkDLzbehqZ
— ❀ a.n.d.i.e ❀ (@ampersand_ie) December 28, 2019
CCPA is very different than the General Data Protection Regulation (GDPR)
In contrast to GDPR, CCPA has been very visible across the web. While GDPR was highly visible with the privacy community and in Europe, it has heavily focused on consent. While CCPA does have a consent component it is highly focused on consumer data access and deletion rights along with the sale of consumer data.
These are directly associated with the anticipation of CCPA. While enforcement of CCPA does not occur until July 1, 2020, responsible companies are preparing now. This will continue to rise along with the use of a “Do Not Sell” button which should become a staple on most sites.
Here is an example from Potterybarn Kids:
The cost of CCPA will be great and teams will need to work closely together
The total cost of any regulation for companies is difficult to estimate. But, a recent article from Bloomberg estimated that CCPA alone will cost companies 55 Billion dollars.
At these levels companies, internal teams will need to work in harmony. With executive oversight, the teams that have been affected by CCPA have been marketing, IT, legal and finance.
- Marketing Teams – These teams have been responsible for creating messaging to ensure consumers about compliance changes that have been seen in banner ads and emails.
- IT Teams – These teams have been required to audit technology stacks and implement new compliance solutions where required.
- Legal Teams – Most legal teams have been required to get up to speed on marketing and analytics processes to ensure corporate compliance.
- Finance Teams – Financial organizations have been required to take new liabilities into account and allocate resources to ensure corporate compliance.
In summary, the last week has been very interesting. Over the next several weeks and months companies will need to be vigilant & flexible to ensure they are not only meeting the new regulation but also meeting social expectations. Very exciting times!
To learn how RIVN can help please visit www.rivn.com