WASHINGTON, November 20, 2019 - At its core, the California Consumer Privacy Act is a law that allows individuals to know how their personal information is used by companies, but does not protect that information from being used, legal experts said at a Federal Communications Bar Association panel Tuesday.
Consumers are essentially allowed to request how their personal data is used and can also request to opt out or have their data deleted, said Ryan Blaney, partner at Proskauer Rose LLP.
The terms of the CCPA are much broader under the CCPA than those of the European Union's General Data Protection Regulation, said Drinker Biddle & Reath Counsel Katherine Armstrong. A person’s Social Security Number and internet protocol address, she said, are basically classified under the same category.
Regulating privacy and data security is a challenge, Armstrong continued. The CCPA is a disclosure law that allows consumers to ask that their data not be sold. What constitutes as “sold” in the statute has too much of a broad scope.
There is a big difference she said, between data collected from consumers and data collected about consumers.
The creation of CCPA -- which, although passed in 2018, goes into effect on January 1, 2020 -- stems from the possibility that people have been misinformed about their privacy rights, said Eulonda Skyles, partner at Baker McKenzie. Before the privacy laws over the few years, companies such as Google and Facebook have had ways for users to view their collected information and have had the choice to delete it.
Most big tech companies are in support of comprehensive privacy legislation, said John Heitmann, co-chair at the FCBA Privacy and Data Security Committee, as it benefits them financially and brings in more consumers.
However, he said, the EU and U.S. seem to have different perceptions of privacy, which could be why the CCPA differs from the GDPR.
Europe takes privacy and data breach issues much more seriously, said Jacqueline Cooney, senior director of privacy and cybersecurity at Paul Hastings. Whereas in the U.S., people tend to think more economically about their data. They would be fine with their data being sold if it saved them money, she said.
Barring sensitive financial information, Armstrong said, privacy isn’t defined the same for everyone, especially if it involves day-to-day habits. In that sense, a federal data breach law seems more efficient and practical than a wide-scope privacy law, she said.
To prepare for the CCPA guidelines, companies are operationalizing mechanisms to avoid fraudulent data requests. The statute offers ways to identify with “reasonable certainty,” said Skyles. Companies should not release “black box” information, such as SSN and passport number without complete verification, but they should also not neglect user requests that might be deemed insufficient.
There are three main steps companies should take to adjust to CCPA, Blaney said. First, they should map consumer data and classify the type of personal information that they have. Second, the companies should disclose to the public how that information is treated, using external facing documents. Finally, they should operationalize their method of compliance and figure out how to respond to consumer requests.
Ultimately, CCPA leaves several potential gaps in protecting privacy. The law only applies to private companies, Heitmann said, excluding government agencies and nonprofits. Individuals have the right to request deletion of their data, he said, but the exceptions to that rule are huge.
- Coronavirus Roundup: FCC Extends Rural Health Care Deadlines, Public Knowledge Tracks Misinformation, AEI on Regulation
- Special Webcast from Broadband Breakfast Partner Gigabit Libraries on Friday, March 27 – What Is a Library if the Building is Closed?
- Restricting Kids’ Online Usage Should Focus on Content Rather Than Screen Time, Say Panelists at Slate Event
- Broadband Breakfast Live Online on Tuesday, March 31, 2020 – The Importance of Universal Broadband in the Age of the Coronavirus
- Broadband Breakfast Live Online on Monday, March 30, 2020 – Coronavirus Conversation With Millennials from Around the World
Signup for Broadband Breakfast
China1 month ago
Tech Officials Diagnose Excessive Trump Actions as Product of ‘Huawei Derangement Syndrome’
Health3 weeks ago
Battling Coronavirus COVID-19, Broadband Could Provide Relief Although Telemedicine May Not Help
Section 2301 month ago
Attorney General Bill Barr Calls for ‘Recalibrated’ Section 230 as Justice Department Hosts Tech Immunity Workshop
Artificial Intelligence1 month ago
U.S. Progress on AI and Quantum Computing Will Best China, Says CTO Michael Kratsios
Net Neutrality1 month ago
FCC Seeks Comment on Net Neutrality Issues Remanded by Appeals Court: Public Safety, Pole Attachments and Lifeline
Asia1 month ago
Broadband Roundup: Global Internet Censorship, Tribal Divide, Klobuchar on the Broadband Stump
Broadband Mapping & Data1 month ago
Poor Broadband Maps and Lack of a Consolidated Voice Hinder Advocacy for Better Rural Internet
Health2 weeks ago
Broadband Breakfast Live Online Will Stream Daily in March on ‘Broadband and the Coronavirus’