California's Current Privacy Rights Under CCPA

Written by harrymaugans | Published 2021/01/22
Tech Story Tags: privacy | data-privacy | ccpa | internet-privacy | data-protection | identity-theft | california | personal-data

TLDRvia the TL;DR App
California recently passed a sweeping state-wide privacy law that makes it the most privacy-forward state in the nation. But, until it gets implemented, the existing privacy framework (the CCPA) is the law of the land.
As Bloomberg shows in the graphic below, the CCPA created four new privacy rights for consumers in California: the right to know, the right to delete, the right to opt-out, and the right to non-discrimination. Here's what you need to know about each of those privacy rights.

#1: Right to Know

You have the right to know what personal data companies have stored, collected, used, and shared. This includes the types of data and categories of personal information that companies have about you.
To get access to your personal data, you'll need to make a request with the business to ask what personal information it has collected, disseminated, and sold.
The company then needs to tell you the following details about each piece of personal information:
  • the general category of personal data collected;
  • where it was collected from;
  • why it was collected;
  • and any third parties that have accessed the data.
Once you see how a company has been collecting, sharing, and using your data, you'll be able to understand if they were doing shady things to break the law. For instance, are they selling personally identifiable information without your permission that hackers can use to steal your identity? If they are buying and selling specific details, such as email addresses, mailing addresses, social security numbers, names, geolocation data, login IDs, IP addresses, biometric data, and behavioral data, you're at risk of identity theft!
šŸ˜¤ : Companies can get around this by claiming that it's impossible to attribute anonymized data to specific customers. Your right to know is sadly limited to data that's clearly attached to your identity. You won't be able to learn how they might be tracking you in ways that don't clearly connect to your identity.

#2: Right to Delete

You have the right to delete personal information that businesses have about you. You can also withdraw consent related to how companies use, share, process and sell your data. After consent is withdrawn via a valid request, companies must delete the data.
šŸ§ : You have no real way of knowing whether or not a company deleted your data, as per your request. Also, companies can retain certain categories of personal data that help prevent fraud or help them manage the user experience.

#3: Right to Opt-Out

You have the right to opt-out by telling a business to stop selling your personal information to third parties. Businesses must tell you when they sell your personal information - including the types of personal information they collect - and also tell you that you can opt-out. The opt-out request becomes effective immediately after the business receives it.Ā 
Also, there's no sale of data from those under 16 without parental consent. Businesses cannot sell the personal information of children who are younger than 16 years old without their parentsā€™ or guardiansā€™ consent.Ā 
šŸ˜¤ : Nothing in the law says that opting-out has to be easy! That means that businesses can make the process very difficult and discourage you from going through it. They bury the privacy opt-out in the footer to prevent you from easily exercising your rights.Ā 

#4: Right to Non-Discrimination

You have the right to non-discrimination. This means that businesses can't retaliate against you if you decided to exercise their right to know, right to delete, or right to opt-out.Ā For example, a company could decide not to serve you as a customer or perhaps even charge you more for the same product or lower the quality of service based on your opt-out preferences.
Businesses can get around this by paying you for your personal information, as long as the compensation is reasonable.
šŸ¤Ø : Thereā€™s a loophole: section 1798.125(a)(2) says that businesses can actually charge you more or give you a lower quality service, just as long as the difference is attributable to the value of your data. That could lead to two tiers of the Internet, where those who have opted out receive lower-quality results in search engines or slower service speeds from internet providers. No good!

The future of privacy

There's obviously a lot of work to be done when it comes to privacy in America. California is leading the charge in protecting the privacy of its residents. But there's really only one solution that gives businesses consistency and consumers production: A national privacy law.
Remember that any business that intends to collect, store, and use your personal information must tell you all about how they are going to use it! Then, once you give permission, it must adhere to those permissions! They can't collect, use, and share your personal data beyond whatā€™s been disclosed to, and accepted by, the consumer.Ā Keep that in mind as you fight for your privacy.
Written by harrymaugans | Where we help people fight for their privacy.
Published by HackerNoon on 2021/01/22
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy