Welcome to 2020 and a New Data Privacy Gamechanger

Happy New Year…and welcome to 2020. This is definitely a key year for the Digital Economy and its impact on all of us. The last decade has seen increasing awareness of the digitization of our world, and with it the changing attitudes, activities, and aspirations of individuals, businesses, and our society as a whole. Critical…

January 2, 2020 by Alan Brown

Happy New Year…and welcome to 2020. This is definitely a key year for the Digital Economy and its impact on all of us. The last decade has seen increasing awareness of the digitization of our world, and with it the changing attitudes, activities, and aspirations of individuals, businesses, and our society as a whole. Critical issues in the Digital Economy will be at the forefront, and here at Unities we have a deep stream of work ahead of us this year addressing many of the fundamental questions. We’re looking forward to a busy time wrestling with some of the most challenging issues of our time!

The first big digital economy news for 2020 is that California’s new data privacy laws, the California Consumer Privacy Act (CCPA) came into effect yesterday. After more than 2 years of discussion and legislation, the CCPA brings new rights to citizens of California regarding their ownership, agency, and rights to their personal data. In legislation that goes far beyond Europe’s GDPR laws, the CCPA gives residents of the Golden State the right to learn what data companies collect about them. It also lets Californians ask companies to delete their data and not to sell it.

Details of CCPA are available on the Guardian and TechCrunch.

Why does this matter? There are three key reasons. First, it is a real shot-across-the-bow for the US-based large tech companies who have been collecting and monetizing personal data for several years. But also for all companies looking to use personal data to target sales and services. Many of these are based in California or derive a lot of income in California. They now need to make their business models and practices much more transparent to consumers and officials. Second, this is the first in a wave of legal activities in the USA. Several US States are some way along their journey to legislation on data privacy and consumer rights. It is likely that the US will soon have a patchwork of different legislation across the different States. This is positive in that it will help consumers and raise the national debate on these issues. However, it also will make compliance for businesses costly and impractical. That is adding fuel to the push for federal regulation in this area, most likely based along the lines of the CCPA rules. Third, the CCPA is setting a mark for the rest of the world. Built on Europe’s GDPR regulations, the CCPA has extended the debate on personal data management and individual rights will be a major theme in 2020 and beyond. The CCPA will bring more worldwide attention to what regulations may be needed, and to how they can best be defined and enforced.

With all such legislation, the key will be the cost of implementation and enforcement. It is important to mention that compliance to CCPA is predicted to be very costly for companies doing business in California. Estimates are that the bill could cost in excess of $55B to implement across all US businesses. Enforcement costs are also likely to be high. Pressure is being placed on legislators and officials to justify these costs and to consider the implications its enforcement will have on freedom of trade with the USA and competitively across the world. There is a great deal at stake and for many this is too high a price for consumer rights and data privacy.

Part of the reason for these high costs is that the CCPA provides quite a reversal to the power imbalance between companies and individuals with regard to personal data. Individuals now have greater ownership of their data. As one of the articles summarizes, the key points are as follows:

  • Businesses must disclose what information they collect, what business purpose they do so for and any third parties they share that data with.
  • Businesses will be required to comply with official consumer requests to delete that data.
  • Consumers can opt out of their data being sold, and businesses can’t retaliate by changing the price or level of service.
  • Businesses can, however, offer “financial incentives” for being allowed to collect data.
  • California authorities are empowered to fine companies for violations.

In summary, as we enter 2020 the CCPA is a very stark reminder that a major battle is raging for your personal data. Who is allowed to store and extract value from that data will be an important thread running through businesses and government activities for some time to come. As individuals, our responsibilities for managing our own data will grow significantly. It will be important for you to know what data about you is being stored where, to have a sense of why that data has value, and to whom you are willing to share that value for personal or societal gain. How ready do you feel to be an informed participant in that conversation?

—————-

More details of CCPA can be found here and a short review of its implications is here.

A useful summary of CCPA and its relationship to GDPR from this Deloitte article.

Photo by Carlos Muza on Unsplash

This website uses cookies and asks your personal data to enhance your browsing experience.