Businesses in California have a new law to consider: the California Consumer Privacy Act (CCPA). The scrutiny that Facebook and similar companies have brought on the technology industry regarding data privacy has widened to all sectors, and every company conducting business in California should be aware of it.

What Is the CCPA?

On January 1, 2020, the CCPA became law for the entire state of California, one of the very first and broadest of its kind. While the intention behind it is to limit the size of tech firms, many smaller California firms aren't aware of the effects the CCPA will have on their business.

These are some critical facts companies must be aware of regarding the CCPA.

The CCPA could apply to a variety of businesses that are not located in California. The CCPA certainly applies to companies located in California that have more than $250,000 in gross revenues, manage more than 50,000 records of Californians, or make 50 percent of their profits from the sale of information about consumers. However, it can also apply to businesses that are "doing business in California," which could extend the scope of jurisdiction to companies without a physical presence within the state.

The CCPA provides broad definitions of personal information. Personal information is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes primary demographic data like names and addresses. However, it also encompasses IP addresses, network activity data, and biometrics. It could also include public information if utilized in a particular manner.

The CCPA imposes several new obligations on businesses that fall within its scope. Consumers will have various rights arising from the CCPA, including the right to be informed about all the information a business has collected about them and the right to refuse the sale of this information. Companies will be obligated to make these rights easy for consumers to exercise, which includes opt-out options on their websites as well as toll-free numbers for consumer inquiries.

What Is the GDPR?

Many experts think that Europe's General Data Protection Regulation (GDPR) served as the basis of the CCPA. The groundbreaking law was the first of its kind with a broad reach. Here are the most important things to know about the GDPR, regardless of whether you run a business physically located in the EU.

The GDPR governs any business that conducts business in the EU. Businesses face massive penalties if they are found to be out of compliance with respect to even a single piece of information about one EU citizen, regardless of whether the data was gathered in person or via the internet.

The GDPR has changed the privacy policies of businesses across the globe. If you plan to conduct business in the EU, you must be legally compliant with the GDPR. Countries that rely on the markets of the EU are not likely to fall foul of the regulators. Through international courts, the EU also has jurisdictional authority that may be invoked against businesses that do not have physical offices within the EU.

The consequences for non-compliance with the regulation can be severe. A breach or non-compliance could result in fines that can reach 2 million dollars or 4.4% of global turnover, whichever is greater. The minimum penalty is more severe than the CCPA's, and the fines are significant enough to halt the operations of many businesses after a single incident of non-compliance.

Comparing the CCPA to the GDPR

The most important thing to remember about these two laws is that compliance with one doesn't guarantee compliance with the other. The same is true for any other data laws that take the form of the GDPR or the CCPA. They could be similar, but no business should take any of them as a given. The rules will differ in different jurisdictions. That's why startups are advised to seek legal counsel for each territory a business could enter.

The most crucial aspect to be aware of with the CCPA and the GDPR is that the burden of proof rests on the business to ensure data privacy.

Regulators seek to expose businesses, even those that may not know about the data they gather. Both laws come with penalties for companies unaware of their own privacy practices. To avoid being penalized, businesses must be informed and have guidelines in place.
