The California Consumer Privacy Act (CCPA) came into force on 1st January 2020. The Act was introduced so that there can be a track on how businesses deal with the information of the consumers. Initially, many companies opposed the law, one of whom was believed to be Facebook. However, the social media conglomerate had later explained that “It was standing firm with the CCPA and was in sync with the law.”
Recently, Facebook also announced that it would start complying with California Consumer Privacy Act from 1st July 2020. A Facebook spokesperson clearly stated that “There’s a misperception that Facebook doesn’t think CCPA applies to us, it does.”
The company earlier stated its position with CCPA as follows:
- We offer self-serve tools that let people access download and delete the information we collect about them.
- We delivered a supplemented notice to California residents that provide clear information about the data we collect, how we use it, how we process data, and how people can exercise their rights under the law.
- We issued updated space-specific terms, which may apply when advertisers use our tools. With these, we have contractually committed to only use data for California residents that we receive from our partners for business purposes, like showing an ad or preventing fraud, as CCPA outlines for a service provider.
Facebook further stated that “As with any law that applies to us and our partners, we aim to be fully compliant. In the case of CCPA, we’ve designed our systems to be consistent with the law’s emphasis on transparency and control.”
What do the CCPA Regulations entail?
The CCPA was mainly passed in order to protect consumers' privacy rights in California region. It entails a set of obligations on how businesses collect, use, and share the personal information of California State residents.
In a gist, the CCPA spells out the following rights of California Consumers: 1) deny of the sale of their personal information to third parties; 2) request to know what personal data/ information was collected by businesses and how they have sold or disclosed that information to third parties; and 3) request businesses to delete personal information that has been so collected by them.
CCPA is the first law in the US to introduce a comprehensive set of rules around consumer data, akin to the European Union’s General Data Protection Regulation or GDPR. The CCPA applies to any company that has a gross revenue of more than $25 Million, derives 50% or more of its annual revenue from the sale of consumer personal information or buys, sells or shares the personal information of more than 50,000 consumers.
The CCPA regulations are currently in their third draft form with the latest comment period that ended on March 27, 2020.
CCPA Enforcement and Penalties:
Non-compliance with CCPA regulations can have several economic consequences. In general, the California Attorney General is responsible for enforcing compliance with the CCPA.
Businesses are expected to comply with the CCPA at all times. Those to fail to do so, are served with a notice of non-compliance and thereafter extended thirty (30) days to cure any instances of non-compliance or violations.
If businesses further fail to become complaint, they will be made liable for civil penalties ranging from $2,500 for non-intentional violations, up to $7,500 for intentional violations.
California consumers can also press private charges against the businesses for data breaches that have exposed their non-encrypted and non-redacted personal information to unauthorized third parties.
In line with the heavy penalties associated with the CCPA and its non-compliance, it is advisable for businesses to acquaint themselves with the Act and rope in the services of a trusted attorney in order to ensure complete compliance with the regulations by the enforcement date (July 1).