The California Consumer Privacy Act: Consumer Privacy Ripple Effect?

The California Consumer Privacy Act appears to be inspiring other states and instilling trepidation in tech firms.

Terri Coles, Contributor

April 16, 2019

4 Min Read
The California Consumer Privacy Act: Consumer Privacy Ripple Effect?

With less than a year until the California Consumer Privacy Act of 2018 goes into effect--and other states following suit--technology and other organizations are contemplating how the new law will affect them and their customers. The new rules around privacy and data collection and use have made some organizations especially nervous because of the implications for machine learning.

The California Consumer Privacy Act, which takes effect on Jan. 1, 2020, puts into place several protections against the collection and sale of consumer data with the knowledge of those consumers. Businesses will be required to tell consumers what data is being collected and what the businesses intend to do with it. Businesses will also have to inform consumers of any third parties with which they may share data. If consumers make an official request for the deletion of their data, businesses must comply. Businesses cannot change the price or level of service if consumers opt out of the sale of their data, although they will be allowed to offer financial incentives for permission to collect data. Finally, state authorities will be allowed to fine businesses for violations of the law.

According to National Law Review, several state legislatures in addition to Massachusetts have introduced consumer privacy laws since the start of 2019, including Hawaii, Maryland, Mississippi and New Mexico. All of this followed the European Union’s General Data Protection Regulation, or GDPR, which took effect last May 25.

The CCPA, GDPR and similar legislation don't bode well for tech giants like Facebook and Google, which opposed the bill, as did internet providers AT&T and Verizon. The law could have negative business consequences for tech companies of all sizes, not just the big guys, and in particular for businesses that rely on consumer data collection for machine learning and artificial intelligence applications and services.

A Reaction to Tech’s ‘Laissez Faire’ Attitude

Bills like the one signed into law in California may be the logical conclusion of the data free-for-all that previously existed.

“In many ways, increasing data regulations--like what's happening in California--were a reaction to the tech industry's laissez faire attitude toward protecting sensitive user info,” said Eric Schrock, the CTO of the data management platform Delphix.

But while the California regulations make it more complex to deliver applications that depend on big data, it doesn’t make it impossible, Schrock said. “Stricter data policies and AI can actually coexist with a privacy-first approach toward development and a deeper understanding of how data flows within an enterprise,” he said. “When you make sure the right data gets to right people, you'll be able to meet data regulations while feeding safe, secure data into AI--a win win.”

Potential Influence on Other States

It remains to be seen how California’s passage of the bill will influence the actions taken by other states on consumer data collection, sharing and use. The state-level move runs counter to federal actions on data privacy, which include the end of net neutrality and the nixing of the Broadband Privacy Rule. For better or for worse, this may be the way forward for tech and data privacy, with action taken at a state level versus a federal one.

Or, it may not change much at all.

“The California Consumer Privacy Act is unlikely to have an impact on gathering data for machine learning at most companies,” said Robert Melton, director of the digital marketing and data privacy group at Clarip. The public generally supports the ways tech can improve the world, Melton said, so if a business can explain how personal data is used and why it’s needed, they’re likely to support that.

“In the long run, the businesses that will be hurt by privacy laws like this one are those companies which rely on buying data from other businesses and fund their efforts by reselling the data,” Melton said. “They may find consumer requests to opt out of the sale of personal information undercut both their source of data and their revenue.”

But, to some degree, what other states do is besides the point. California is not just a large and populous state; it’s also the state where many tech companies are headquartered.

“For some time, the data devolution has been the new ‘Wild West’ without any regulation of data collection or sharing,” Melton said. “The upcoming privacy laws are necessary to restore consumer trust in these businesses and ensure that the public doesn't ultimately decide to shut off the flow of data completely because of their poor privacy practices.”

About the Author

Terri Coles

Contributor

Terri Coles is a freelance reporter based in St. John's, Newfoundland. She has worked for more than 15 years in digital media and communications, with experience in writing, editing, reporting, interviewing, content writing, copywriting, media relations, and social media. In addition to covering artificial intelligence, machine learning, big data, and other topics for IT Pro Today, she writes about health, politics, policy, and trends for several different publications.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like