The consumer blowback after the major privacy scandals in the last few years bore fruit in 2018 with the passing of GDPR 2016 (General Data Protection Regulation) in the EU (implemented this year). Now the US sees new major controls on data privacy with the passing of the California Consumer Privacy Act (CCPA), signed into law by Governor Jerry Brown for those in the Golden State. So what will change?
The ‘give and take’ relationship between the users of the likes of Facebook, Instagram or Twitter that used to work on the provision of service in exchange for data – making the use of the platform free for users – will have greater transparency and the use of data collected will be revealed to users for the first time.
The consumer marketing aspect of the law (how the behavioral profiles that enable targeted digital advertising by location, by interest, by affiliation are collected and used) will be laid bare as the consumer now has the right to be informed about what was collected and why, with the right to opt themselves out of inclusion in the dataset. This is slightly different to GDPR, which, instead, requires opt-in, as every user of every EU-based website has continually been reminded in the last six months.
There’s great speculation over how the industry will manage the litigious binary of ‘CA or not CA’ – companies will have a choice to make on reforming everything and making the same rights available to everyone – or, somehow, keeping one rule for California and another for ‘everyone else’.