By now the GDPR seems like old news, and you may not be worried that on January 1, 2020, the California Consumer Privacy Act (CCPA) becomes effective. They seem similar enough, after all. However, this thinking is not advisable.
The CCPA makes California one of the first states in the US to take active steps to protect its consumers’ privacy and security. There are two principal avenues where the law can take hold. Either the state of California or consumers themselves can take action against a company for violations of the law. There are five primary rights that will become available to consumers:
- Access to the personal information that is being collected
- Say no to the sale of their personal information
- Know what personal information is being collected
- Know if their personal information is being sold or disclosed and to whom
- Equal service and price if they choose to exercise privacy rights
Important Details are Different
While the goals of the CCPA and the GDPR are extremely similar, they are not the same. Businesses need to be aware that just because they have achieved compliance with the GDPR requirements does not mean they are automatically compliant with the CCPA. In many ways, the CCPA expands on ideas and regulations of the GDPR.
An important difference is in the control versus consent area. The GDPR is mainly concerned with obtaining consent. The CCPA goes further and requires a way for consumers to control their own information. This would require deep changes in the business systems that process consumer data as opposed to simple on/off controls.
Equally, when it comes to data processing, especially when data is sold to third parties, the CCPA is far stricter. The CCPA has rules requiring that consumers be notified if their data is sold to third parties and that they be allowed to opt out. This is another major difference.
Who Does this Affect?
The California Consumer Privacy Act defines a business as a for-profit entity that collects consumer personal data. More specifically, if your business meets at least one of the following thresholds, you may be subject to compliance:
- Businesses that earn $25,000,000 or more a year in revenue
- Businesses that annually buy, receive, sell or share personal information of 50,000 or more consumers, households or devices for commercial purposes
- Businesses that derive 50% or more of their annual revenue from selling consumer personal information
The good news is that non-profits, for now, have a get-out-of-jail-free card. However, given that other states are considering legislation without an exemption for non-profit entities, we still encourage non-profits to be good stewards of users’ data and comply with legal requirements. It will become the expected norm.
High risk stakes
Under the CCPA, California citizens will have the ability to bring a civil action lawsuit against companies that do not abide by the law. In addition, the state can also bring these charges against a company directly. While the fines are less than the GDPR’s, the direct action by citizens is a high risk. Businesses can be charged a $7,500 fine for any violation that is not addressed within 30 days.
The xcoobee difference
The xcoobee privacy network supports a sensible balance between data subjects (the consumers) and data controllers (businesses). We listened to both sides. Businesses continually expressed concern about how impossible the laws are to implement practically. At the same time, consumers expressed their fears of having to put together their financial lives after a breach or sale of their data without their control.
Using xcoobee’s platform services, businesses are able to give control over data to their customers without rewriting their core business systems. This occurs while still receiving fair use and speedy time to market. The benefits are:
- Quicker time to market
- Lower cost implementation
- Less risk of system rewrites
- Higher customer acceptance
Moreover, we at xcoobee don’t assume that everything always works as planned. We believe this to be naïve thinking. Thus, we provide consumers and businesses tools to handle privacy problems interactively with purpose-built problem resolution tools.
Proactive privacy problem management. Now there is a thought that is different.