The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, but it won’t be enforced until July. There has been much hand-wringing, anticipation and attempts to dilute the legislation by industry.
Anticipating a major change
The consensus among marketers and experts is that CCPA represents a major shift for U.S. digital privacy law that will make it tougher for companies to obtain and use data – especially third-party data brokers and programmatic networks. There’s also an expectation that consumers will exercise their new privacy rights under CCPA.
A brief summary of those rights is as follows:
- The right to obtain disclosure of the categories and specifics of any personal information collected by the site
- An explanation of how the consumer’s data is used and whether it is being sold
- The right to opt-out of a sale of the personal data to third parties
- The right to request that a business delete any personal information
- The right to not be discriminated against because the consumer has exercised his/her rights under CCPA
GDPR experience a preview of burdensome forms
CCPA is often discussed in the same breath as Europe’s GDPR. At the highest level, the key difference between CCPA and GDPR is the latter’s opt-in requirement for data collection and usage, while CCPA is an opt-out framework. I was recently in Europe and have seen the many and varied GDPR opt-in, cookie permission forms that one encounters upon every visit to a new website.
They’re confusing, sometimes painful and, according to my informal discussions with people in Europe, often met by indifference from consumers simply seeking to get to a desired piece of content. This is not to say that people don’t care about privacy – it’s just that many publishers are putting a significant burden on consumers who don’t fully understand all the cookie categories and their functions.
Cookie choice screens under GDPR
