California has put forward new regulations that will establish the ways in which the US state’s new privacy law, the California Consumer Privacy Act (CCPA) will be enforced.
The CCPA is a ground-breaking new legislative framework on the US data privacy landscape, set to come into effect on the 1st January 2020. Taking inspiration from the EU’s General Data Protection Regulation, the new laws are designed to give consumers enhanced control regarding how private enterprises collect, store and share personal data.
The CCPA represents the strongest data protection stance yet taken by a US state, with regulations for its upholding released by California’s Attorney General Xavier Becerra during a recent press conference.
Under the new laws, citizens will be able to ask for the data held on them to be erased, have say on how their data is handled and decide whether they want their information to be sold to a third party.
The regulations would also oblige businesses to comply with a “Do Not Sell” link built into websites, and to view consumer choices made in privacy settings as valid opt-out requests. Firms that process personal data for more than 4 million consumers will have to adhere to additional standards.
According to the Attorney General’s office, companies will have to spend between $467 million and $16.5 billion between 2020 and 2030 as they align with the regulatory requirements. Moreover, the regulations will also help to safeguard over $12bn worth of data that goes into advertising annually.
The privacy law was passed in last year following a number of high profile scandals that rocked the giants of Silicon Valley; Facebook and Google were among those to be hit by major data breaches which continue to draw global attention to ethics and standards within data handling in the US.
At the press conference, Becerra said:
“Americans should not have to give up their privacy to live and thrive in this digital age. It should not come as a surprise then that California is the state to take on this challenge.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.