The CCPA or the law of California Consumer Privacy Act is a state statute dedicated to intensifying privacy rights and consumer protection for the citizens of California, United States. CCPA presents consumers with more power over the personal data that businesses accumulate. In this article, we get to examine the details of this enactment and understand how as a consumer, one can protect their data vis-a-vis the various rights ensured by CCPA. So, let’s dig in!
California Consumer Privacy Act: A Closer Angle
The California Consumer Privacy Act of 2018 lets consumers better protect their personal information gathered and used by businesses. These regulations guide how the law is to be implemented. Here are the privacy rights that the CCPA guarantees to the residents of California:
- The right to learn and know about the personal information that a business accumulates and how that information is being used and distributed by them
- The right to delete personal information gathered by them (includes a few exceptions)
- The right to choose the option of their personal data not being sold by the businesses
- The right to non-discrimination to exercise their individual CCPA rights
Companies are obliged to furnish consumers with clear notices describing their privacy systems. The CCPA pertains to many firms, which also covers data brokers.
The Right to Know
As a California citizen, you can demand your data from companies. They would have to reveal the personal details that they have obtained, used, distributed, or traded. Companies must also justify why they have accumulated, utilized, shared, or sold your data. Precisely, you can also request that companies reveal:
- The various categories of personal data obtained
- Particular or specific segments of the personal data collected
- The kinds of sources from where the organization received the personal data
- The objectives for which the company utilizes the personal data
- The different varieties of third parties with whom the company partakes the personal data
- The sorts of information that the company sells or reveals to third parties
The CCPA compels corporations to produce answers for free for one year, leading to your request.
The Right to Delete
You can also petition that companies and also their service providers eliminate your personal data accumulated by them. There are at least two ways for you to propose your request. Toll-free contact numbers, email addresses, website information forms, or hard copy applications are all satisfactory methods to request data deletion.
However, the CCPA declares that while businesses don’t have to give an online form, they can’t get consumers to build an account just to propose a deletion request. In case you already possess an account with a company, you can submit your request from that account itself.
Following are a few exceptions that enable companies to retain your personal data that includes:
- Individual data on medical issues, consumer credit reporting, or another similar kind of information
- Matters concerning purchased products or services that cover warranty and product recall issues
- Several company security processes and practices
- Compliance with statutory commitments, handling legal claims or rights or supporting legal claims
The Right to Opt-Out
The right to opt-out means demanding businesses to stop marketing or selling your personal data for their own ends. Organizations must wait a year before they ask you to reconsider opting back after receiving your opt-out request.
The Right to Non-Discrimination
This right pertains to the fact that companies cannot withhold goods or services, charge a separate price, or offer a varied level or quality of goods or services solely because you utilized your rights guaranteed under the CCPA.
CCPA and GDPR
The General Data Protection Regulation (GDPR) was founded to grant E.U. residents more power to protect their personal data. Under these rules, businesses need to guarantee that personally identifiable data is handled legally and that the information is adequately maintained and protected. It strives to provide citizens with the required control to defend their personal information while also determining how organizations should comply. CCPA is a result of GDPR.
Yet, the GDPR and CCPA are not entirely the same. The biggest variation is that the CCPA only controls businesses in California on the basis of their annual gross revenues or the quantity of data they process and trade. However, it does not mandate a physical business presence in California. If a business is established outside of California but involves transactions with Californians for economic earnings, such as offering goods or services, the CCPA would apply to such companies. On the other hand, GDPR applies to all companies that transact with E.U. citizens irrespective of their revenue or company size.
Updates on the Latest CCPA Amendments
On 5th October 2021, the Governor of California approved Assembly Bill 694 on privacy and consumer protection. Specifically, the bill makes amendments to Section 1798.140 of the California Consumer Privacy Act of 2018 (‘CCPA’) by attaching a definition on ‘advertising and marketing,’ ‘consent,’ and altering other distinct definitions such as ‘business,’ ‘business purpose,’ and ‘contractor.’
Precisely, the bill describes consent as any freely given, specific, informed, and unmistakable sign of the customers’ desires by which the customer or their legal guardian implies agreement to the processing of the customer’s personal data for a narrowly prescribed purpose.
Furthermore, the bill performs certain amendments to the exceptions under Section 1798.145 of the CCPA. It explains some provisions under the California Privacy Rights Act of 2020 concerning the timing of the rulemaking authority of the California Privacy Protection Agency.
The new terms of the amended bill will assume force on 1st January 2022.
How Can VLC Be Your CCPA Ally?
With an enriched work experience in security, our highly professional team of security experts can support you on your CCPA compliance campaign. Our CCPA framework can benefit you to accurately decide which controls you might require and draft any coincidental proof to avoid repetitive evidence collection attempts.
Contact Us today if you wish to turn your security and compliance strategy into a big business benefit.