The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, but it won’t be enforced until July. There has been much hand-wringing, anticipation and attempts to dilute the legislation by industry.

Anticipating a major change

The consensus among marketers and experts is that CCPA represents a major shift for U.S. digital privacy law that will make it tougher for companies to obtain and use data – especially third-party data brokers and programmatic networks. There’s also an expectation that consumers will exercise their new privacy rights under CCPA.

A brief summary of those rights is as follows:

  • The right to obtain disclosure of the categories and specifics of any personal information collected by the site
  • An explanation of how the consumer’s data is used and whether it is being sold
  • The right to opt-out of a sale of the personal data to third parties
  • The right to request that a business delete any personal information
  • The right to not be discriminated against because the consumer has exercised his/her rights under CCPA

GDPR experience a preview of burdensome forms

CCPA is often discussed in the same breath as Europe’s GDPR. At the highest level, the key difference between CCPA and GDPR is the latter’s opt-in requirement for data collection and usage, while CCPA is an opt-out framework. I was recently in Europe and have seen the many and varied GDPR opt-in, cookie permission forms that one encounters upon every visit to a new website.

They’re confusing, sometimes painful and, according to my informal discussions with people in Europe, often met by indifference from consumers simply seeking to get to a desired piece of content. This is not to say that people don’t care about privacy – it’s just that many publishers are putting a significant burden on consumers who don’t fully understand all the cookie categories and their functions.

Cookie choice screens under GDPR

Twitter or find him on LinkedIn.