If you haven’t already heard, there’s big data privacy news coming from California. The California State Legislature signed a bill giving California residents some of the strongest consumer privacy protections ever granted. The California Consumer Privacy Act of 2018 is a first-of-its-kind US privacy law giving Californians new online privacy protections. The new legislation, which goes into effect January 1, 2020, will have a massive impact on how companies manage California residents’ data. This first-in-the-nation consumer privacy law has many people celebrating, but also leaves lots of organizations confused and unsure how to comply. Many in the tech industry are preparing to fight the new law, which requires more transparency from websites about their data collection practices.
Beginning in 2020, websites must communicate to users what data is collected on them, how the data will be used, and which third parties have access to the data. Website visitors will be within their legal right to opt out of having their data collected and sold and can request that their information be permanently deleted.
According to Californians for Consumer Privacy, here’s a summary of the consumer rights established by the California Consumer Privacy Act:
- Right to know all data collected by a business on you
- Right to say no to the sale of your information
- Right to delete your data
- Right to be informed of what categories of data will be collected about you prior to its collection
- Mandated opt-in before sale of children’s information (under the age of 16)
- Right to know the categories of third parties with whom your data is shared
- Right to know the categories of sources of information from whom your data was acquired
- Right to know the business or commercial purpose of collecting your information
- Private right of action when companies breach your data
The California Consumer Privacy Act is groundbreaking in the US, but Europe led the way with the European Union’s General Data Protection Regulation (GDPR) that came into effect on May 25, 2018. GDPR was designed to build alignment around Europe’s data privacy laws, protect EU citizens’ data privacy, and transform the way organizations approach data privacy. Similar to GDPR, both US and international businesses must comply with the California Consumer Privacy Act and will need to assess how they collect, process, and share California residents’ personal data to ensure they meet the new regulations and are compliant – which is most likely going to cause confusion, uncertainty, and challenges. A Fast Company article summarizing the key details of California’s new privacy policy declares, “the law–which applies to companies well beyond the tech sector–is groundbreaking but also laden with confusing language that frustrates both critics and backers.”
With so much confusion around compliance with the new rules, companies might want to explore using GDPR software, which could help them comply with California’s new regulations. GDPR solutions allow organizations to understand how they comply with GDPR, and where they need to implement changes. Our GDPR compliance software provides a collaborative workspace for cross-functional stakeholders to manage compliance initiatives and integrates up-to-date regulatory details and legal templates to accelerate remediation plans. While this solution was designed for GDPR compliance, it’s possible it can be tailored to help companies meet California’s new data privacy regulations and laws around data collection practices.
To learn more about our GDPR software solution, developed with Gruppo Imperiali, an Italian company with more than 30 years of data protection legal expertise, download our brochure or read our eBook for tips on tackling organizational challenges of GDPR compliance.