The California Consumer Privacy Act (
) CCPA ) will come into force next year and will likely become the national standard of de facto confidentiality for publishers and online marketers. Before this deadline, however, competing groups are pushing for their terms to be changed .
The AB 1760 is more like a GDPR. An amendment recently proposed by the California legislature (AB 1760) to make major changes to the CCPA would repeal it and replace it with something that imposes stricter obligations on businesses and is much more consistent with the European GDPR. This would allow an additional year for implementation and would only come into effect in January 2021 (proposed amendment integrated below).
A group of 23 technology companies, led by DuckDuckGo, has sent a letter of support amendments. Most signatories are not familiar names. Large Internet companies, many of which are opposed to the ACCP in its current form, have not signed the letter.
The proposed amendments make the law more severe. Here are some of the major changes proposed to the CACP at a high level:
The name would change from the CACP to "The Privacy Act 2019 for all "and would delay the date of entry into force of the law until 1 January. , 2021, to give more time for preparation and compliance.
The ACCP has a consent framework by mutual consent; this would change to opt for sharing personal data. The new rules would prevent companies from sharing or selling a consumer's personal data without prior authorization.
This is a stricter disclosure obligation for businesses. For example, companies should disclose specific data (as opposed to categories) as well as specific third parties receiving the data.
Consumers who exercise their rights can not be denied access to services or services. billed different prices. Conversely, this raises the question of whether companies could offer incentives for data sharing (for example, discounts).
Companies could not refuse a consumer request to delete personal information from their databases. The law can only lead to delays for permissible reasons. Significantly, companies would be required to delete all data relating to that consumer in their possession, regardless of how they were acquired (first party versus a third party).
The data retention rules would look much more like the RGPD: reasonably necessary for the stated use case.
There are a range of more stringent enforcement provisions and legal remedies for consumers, increasing the potential liability for breaches.
Why you should care It is not yet known whether the amendment will be adopted. However, if passed, a strict law will become even tougher and will effectively create a GDPR-like framework for personal data in the United States. An action that could anticipate California law is unlikely before the 2020 elections. (More and more people are discovering AB 1760, the pressure will increase for Congress to act.)
The GDPR has a year in May. This is not the data cataclysm that many feared. Therefore, companies should not panic about CCPA or AB 1760, but inquire about the California privacy rules and the proposed change. If it materializes, it will take another year, which almost no one is currently doing anyway.
Companies that have complied with the RGPD compliance process will be in a much stronger position than those that have been. do not. And unless Congress passes new privacy legislation (unlikely), California law will be inevitable.
This story was first published on MarTech Today. For more information on marketing technology, click here.
https://martechtoday.com/collection-of-tech-companies-support-changes-to-ca-privacy-act-that -bring-it-more-close-to-gdpr -232815
About the Author
Greg Sterling is a collaborative editor of Search Engine Land. He writes a personal blog, Screenwerk on the links between digital media and consumer behavior in the real world. He is also Vice President of Strategy and Knowledge for the Local Search Association. Follow him on Twitter or find him on Google+ .