California Leading the Way in Privacy Change

Avatar

Founder Foreward

Hello, world! Welcome back to BNBCE for the new school year. This year, one of our focuses will be covering the newest policy updates with privacy and security, as we know that changes will continue to root from legislation approved in the higher offices. With this note, we start off with a discussion surrounding the new “Consumer Privacy Act” of California, the first of its kind in major United States privacy legislation. As always, here is your reminder that our articles are meant to be adored and shared. A stronger democracy starts with awareness, which starts at your dinner table, with your child…talking about CCPA. With that, here we go!

The California Consumer Privacy Act (CCPA)

On June 28, 2018, California Governor Jerry Brown signed AB 375, a landmark data privacy bill that was unanimously passed by California lawmakers and will give users more discretion over the use of their personal data and penalize companies for noncompliance. Mimicking the recently passed General Data Protection Regulation in the European Union, AB 375 is the first bill of its kind to be passed in the United States, and will take effect on January 1, 2020. Let’s cover some of the basics about this bill, and how it is predicted to impact your data privacy rights.

CCPA creates greater transparency about the personal information businesses collect, use, and share. Source: TeachPrivacy

How did this bill come about?

Last year, a citizen-run privacy lobby group, entitled Californians for Consumer Privacy, wrote a bill that garnered over 600,000 signatures from Californian citizens. It asked for restrictions on how personal data could be used for ads, a more visible opt-out button for users who did not want their data sold, and the right for Californians to directly sue companies for data misuse. Californians for Consumer Privacy gave California lawmakers until June 28 to propose an alternative privacy bill or they would push forward with their version. Given this ultimatum, state Senator Hertzberg introduced AB 375, a compromise between businesses and users.

Californians for Consumer Privacy applaud the passage of the new legislation. Source: caprivacy.org

Why is this bill important?

On a day-to-day basis, various businesses collect, store, and sell user data in order to acquire profits. This data is often used for technology companies to target advertisements directly to users, ensuring that advertisers also exceed their bottom line. Social media companies, search engines, and internet providers, such as Facebook, Google, AT&T and Verizon, are some of many corporations who make a sizable amount of revenue from utilizing and selling user data. Since this data about users will only be growing in value, lawmakers have realized the importance of understanding what information is being collected, who the corporations are selling to, and what controls users possess. California Bill AB 375 is the first to take this perspective into account.

The reason this movement has gained so much attention also lies in the state the initiative is based out of. California itself is a highly influential state in regards to sparking changes in internet privacy. Not only is it highly populous, but a large amount of technological corporations are based in California’s Silicon Valley. This means that this law will likely have more than just a local effect, and may start a ripple chain of privacy laws across the rest of the United States.

Example of use of opt-ins, a necessary component of the CCPA. Source: zettasphere.com

What are tech companies thinking?

Unsurprisingly, many of California’s tech companies are not over the moon about this bill. It restricts their primary source of revenue: monetizing consumers’ personal data. Moreover, according to Security Boulevard, many technology corporations don’t believe the logistics of this privacy bill are feasible, seeing as almost all business transactions require the use of personal data and consumers may not be able to utilize certain services if they opt out of all data collection.

Many tech companies are expected to fight for changes before the law fully goes into effect. Although they are grudgingly happy about this compromise between California’s government and the original, stricter bill proposed by Californians for Consumer Privacy, there are still many details that need to be worked out before this privacy bill can go live. Tech companies have been invited to advise on these logistics, such as the definition of personal data, in order to ensure that they are able to survive financially but still grant more privacy rights to their consumers.

Facebook aims to promote and advocate for user privacy even more after their breach of trust incident this year. Source: The Intercept

Costs and Benefits For Users

As a user, this bill means that you have the right to decide if you want your information sold and who you want it sold to. On the forefront of privacy, consumer control, and corporate accountability—especially looking forward into the future of the industry—it’s certainly good news. It’s an additional protection for users to control the use of their own personal data. However, according to Forbes, it may cause unintended complications in regards to streaming services, such as the music service Spotify.

Spotify, like many other streaming services, offers users a premium service, where they have the option to pay a monthly subscription in order to remove advertisements from their music. Otherwise, anyone can use their free service, which includes advertisements between songs. What Spotify loses in subscription money, they can make up through ad revenue. These ads are particularly valuable to advertisers because Spotify targets them directly to a specific audience, determined through the use of personal data.

Once companies are no longer allowed to freely sell personal data (for example, if users do not want Google to sell their searches to Spotify) ads become less valuable to advertisers, because they can no longer be directed towards an appropriate audience, thus decreasing the likelihood that the advertiser will profit. With advertisers paying less per ad, either the cost of subscriptions for the premium service will have to go up, or the frequency of ads in the free service would have to increase.

Spotify is one of many tech services that offer free services in exchange for ads tailored to the user. Source: GFI TechTalk

What does this mean for my future?

AB 375 enacts several powerful protections for technology consumers against having their information collected and sold without their knowledge. Businesses must now disclose what information they collect from consumers, what purpose they are collecting that information for, and which third parties they will be sharing it with. Furthermore, businesses will also be required to delete any personal user data upon official consumer request. This means that users can control what information they would like businesses to use, and examine which third parties, such as advertisers, those businesses may be sharing their data with.

Consumers can also opt out of their information being sold to third parties, and business are not permitted to retaliate against consumers who opt out by upping their prices or changing the quality to serve. This means that no business can refuse service or create quid pro quo requirements if users choose not to allow them to use personal data. However, there is a distinction, with businesses being permitted to use financial incentives to persuade consumers into not opting out.

Finally, should any corporation violate these restrictions, California authorities are well within their rights to fine companies up to $750 per person per violation, increasing the incentive for companies to focus their efforts on protection, and for consumers to “say something” when they “see something” suspicious.

“Privacy is not an option, and shouldn’t be the price we accept for just getting on the Internet.” – Gary Kovacs, AVG Technologies. Source: NPR

That’s a wrap!

Over the next year, the issue of liability has to be determined by California’s state legislature. How will fines be imposed if companies misuse data? What needs to be done if businesses choose not to comply even after being penalized? Should we wait and see how GDPR plays out before we jump in? Direct civil suit options will also have to be discussed and limited, perhaps in lieu of sending complaints to a government agency with the ability to prosecute. Additionally, the issue of what qualifies as personal data still arises. The list of qualifications will have to be narrowed and further defined, and made more concrete, in order to ensure there are no misunderstandings between users and corporations. 

Still wondering about CCPA? We’ve got more!

We hope you learned some about the new privacy legislation coming up in our country! Next time you see a revamped privacy policy or new opt-out button, now you will understand what it means and just how much control you have on your privacy. Wishing you happy and safe surfing!

Sincerely,

Policy Panther


Meet our new writer: Annika Agrawal

Annika Agrawal is a senior at Hinsdale Central this year, where she is an active member of her school’s Science Olympiad and Math teams. Her favorite activity is journalism, and she is the incumbent Managing Editor of her school’s news magazine, having a longstanding passion for policy on Capitol Hill. She is also on the literary editing board of the art and literary magazine at school and enjoys writing and editing for local papers in her town. Her friends would say that she is never one to back down from a challenge and that she loves helping people out, whether it’s coaching kids, talking to a friend, or volunteering to play piano for elderly residents. Besides organizing TEDxYouth@Hinsdale, this summer she will spend most of her days holed up in a biochemistry lab, analyzing proteins and hoping to further her research on probiotics.

0 Points