California’s Privacy Act: What you need to know now
The draft text of the regulations under the California Consumer Privacy Act (CCPA) will undergo a public consultation period, including a number of public hearings, with submissions open until December 6 this year.
The CCPA itself will take effect in the state on January 1, with a further six months’ grace period before enforcement of the law begins.
“The proposed regulations are intended to operationalize the CCPA and provide practical guidance to consumers and businesses subject to the law,” writes the State of California’s Department of Justice in a press release announcing the draft text. “The regulations would address some of the open issues raised by the CCPA and would be subject to enforcement by the Department of Justice with remedies provided under the law.”
Translation: Here’s the extra detail we think is needed to make the law work.
The CCPA was signed into law in June 2018 — enshrining protections for a sub-set of US citizens against their data being collected and sold without their knowledge.
The law requires businesses over a certain user and/or revenue threshold to disclose what personal data they collect; the purposes they intend to use the data for; and any third parties it will be shared with; as well as requiring that they provide a discrimination-free opt-out to personal data being sold or shared.
Businesses must also comply with consumer requests for their data to be deleted.