The CCPA (California Consumer Privacy Act) became effective on January 1, 2020.
The new law lets California state residents see what data tech companies have gathered on them, have that data deleted and demand their data isn’t sold to third parties.
“The law applies to any company that operates in California and either makes $25 million in annual revenue, gathers data on more than 50,000 users or makes more than half of it’s money off of user data.” – Wired
Techcrunch recently pointed out that California’s new law is “off to a rocky start”.
Even though tech giants have spent millions to comply with the law, not all implementations are legal yet.
Companies like Uber have added the legally required “Do not sell my info” link on the website, but many have not.
“Some have made it near-impossible to find these “data portals,” [where] users can request a copy of their data or delete it altogether.” – Techcrunch
Privacy experts have witnessed deliberate attempts by some companies to confuse users with design – also called dark patterns.
But the threat of crippling fines will act a major incentive – $2500 per user data, would easily scale to billions of dollars for a company that violates the law.
CCPA’s enforcement begins on July 1, 2020. I beleive either California will push back the enforcement date due to the current disruption from COVID-19, or compliance startups will make some big money handling regulatory burdens for tech giants.