Will the California Consumer Privacy Act Change Internet Privacy?

The law will apply to companies operating in California that have an annual gross revenue in excess of $25 million, possess the personal information of 50,000 or more consumers, or earn more than half of their annual revenue from selling customers’ personal information. Those that fail to comply will be sanctioned with fines of up to $7,500 for each intentional violation and $2,500 for each unintentional violation.

The law will clearly restrict how data can be used for online ads and will likely impact major tech companies like Google and Facebook, which make billions by showing ads online. However, consumer advocates have applauded it for meaningfully improving online privacy without affecting the content people like and for requiring businesses to be more transparent.

In addition, to guarantee individuals’ access to their personal data, the law also requires corporations to proactively explain their practices regarding their handling of personal data and list the categories of personal information that the company has collected within the past year. Companies will also have to provide a specific option on their website that allows users to prevent their personal information from being sold to third parties. More specifically, the law clarifies that such option cannot be a part of a privacy policy.

The law obviously has some similarities with Europe’s GDPR, especially when it comes to tracking ads. In fact, a new survey published by security and compliance firm TrustArc revealed that several businesses which also operate in Europe, have mentioned that their GDPR programs are helping them prepare for the California Consumer Privacy Act. The same survey also showed that most respondents aren’t ready to comply with the law yet.

Despite some resistance from businesses, the law has been regarded as an example to follow, as at least nine other states are now considering their own versions of the California law. As most states have been struggling to create a law that would protect customers’ privacy since the FCC (Federal Communications Company) ditched its own privacy law, it seems that the California Consumer Privacy Act will now lead the way for the rest of the country when it comes to that matter.