Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Businesses Government The Courts

How Tech Companies Could Skirt California's Strict New Privacy Law (nbclosangeles.com) 33

Forty million Californians "will soon have sweeping digital-privacy rights stronger than any seen before in the U.S.," reports the Associated Press, saying the new law taking effect Wednesday "might end up serving as a de facto national standard."

"Early signs of compliance have already started cropping up in the form of 'Don't sell my personal information' links at the bottom of many corporate websites..." But there are catches galore. The law -- formally known as the California Consumer Privacy Act, or CCPA -- seems likely to draw legal challenges, some of which could raise constitutional objections over its broad scope. It's also filled with exceptions that could turn some seemingly broad protections into coarse sieves, and affects only information collected by business, not government. For instance, if you're alarmed after examining the data that Lyft holds on you, you can ask the company to delete it. Which it will legally have to do -- unless it claims some information meets one of the law's many exceptions, among them provisions that allow companies to continue holding information needed to finish a transaction or to keep it in a way you'd "reasonably expect" them to. "It's more of a 'right to request and hope for deletion,'" says Joseph Jerome, a policy director at privacy group Common Sense Media/Kids Action.

A more fundamental issue, though, is that Californians are largely on their own in figuring out how to make use of their new rights. To make the law effective, they'll need to take the initiative to opt out of data sales, request their own information, and file for damages in the case of data breaches... State residents who do make that effort, but find that companies reject their requests or offer only halting and incomplete responses, have no immediate legal recourse. The CCPA defers enforcement action to the state attorney general, who won't be empowered to act until six months after the law takes effect.

When the state does take action, though, it can fine businesses up to $7,500 for each violation of the law -- charges that could quickly add up depending on how many people are affected...

Among other limitations, the law doesn't really stop companies from collecting personal information or limit how they store it. If you ask a company to delete your data, it can start collecting it again next time you do business with it.

The article also provides another example of "unintended consequences and even corporate attempts to discourage people from using the law.

"The job-search site Indeed.com, for instance, now explains that when anyone opts out of data sales under CCPA, it will also ask them to delete their associated accounts and all personal information."
This discussion has been archived. No new comments can be posted.

How Tech Companies Could Skirt California's Strict New Privacy Law

Comments Filter:
  • "How Tech Companies Could Skirt California's Strict New Privacy Law"
    should be
    "How Tech Companies Will Skirt California's Strict New Privacy Law"

    Just my 2 cents ;)
  • by RotateLeftByte ( 797477 ) on Sunday December 29, 2019 @03:17PM (#59568092)

    When 20 states follow suit will you still be telling people to 'go take a hike' if you can't sell their data?

    Actually, it is worse than that. Indeed operates in the UK which follows the GDPR.
    If you can work fine there then why not in California eh?
    I'm waiting.....

    Well done California.

    • by rtb61 ( 674572 )

      The real question is what kind of data. There are really two kinds of data related to a person as an individual, broadly speaking, public data and private data. That is what really needs to be delineated, what is public data and what is private data. Consider news services and that data they keep about individuals, what is private data for a criminal and the criminal act they carried out and what is private data for that criminal, obviously the public needs to be fully aware of the crime and the perpetrator

  • If a place and its people have decided (â¦I know, hahaha. But just let's assumeâ¦) that something is forbidden because it harms them,

    and the intention of the law is obvious, as it is in this and most cases,

    why is there not a principle that by deliberately circumventing the legal rule, to break that intention, and do wjat is harming and forbidden anyway, ... ... that you then not only broke that law, but did therby show that you did it knowingly and with intent. Doubling the pubishment.

    Wh

    • I had to write this on a fuckin touch screen. And sadly, /. also doesn't support the ellipsis, which I am used to typing, as my layout supports it. (No Apple, no autocorrect or any of that cancer. I really type â, âoe, â(TM), â¦, Ã--, Ã, and various dashes and spaces by hand.)

    • The immediate problem is there are two (or more actually) laws with contradicting intention. Some laws require you to retain certain types of data. So which law should you follow?
    • by Shotgun ( 30919 )

      Because if you don't limit the law to what the law says, then you quickly have people expanding the law when it suits them.

    • ...deliberately circumventing the legal rule ... knowingly and with intent. Doubling the pubishment.

      You might google the difference between manslaughter vs involuntary manslaughter or between murder vs premeditated murder. This is the primary way by which the law takes intent into account. Then after a declaration of guilt there is another opportunity in the sentencing phase. This is where the judge has the leeway to "let them off easy" or "throw the book at them", base on witness impact statements, defendant's attitude and remorsefulness.

    • Silly pleb, laws are for little people. Everyone knows the Owners are above the law.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday December 29, 2019 @03:24PM (#59568112)
    Comment removed based on user account deletion
    • Not likely there will be successful challenge either. They can monetize however they want. It's not as if indeed.com has a monopoly marketshare or uniquely provides a vital service. Even if it did, it's no different than a "Shirts and shoes must be worn" sign on a restaurant door. Privacy paranoids are not a protected class and Big Data Aggregators will ensure that never happens.
      • Under the GDPR regime, privacy paranoids have in a sense become a protected class. In effect, it is explicitly forbidden to deny someone normal service just because they exercise their privacy rights under the new law.

        That position does have risks of its own, because it potentially destroys business models that rely on that data processing for their revenue generation. If too many people choose to exercise their rights, businesses that do provide some genuine value but have until recently paid for it throug

  • by Hrrrg ( 565259 ) on Sunday December 29, 2019 @03:32PM (#59568124)

    I think these laws should be written such that the fines are paid to the individual rather than the state (or at least split 50/50). People would be much more motivated and vigilant about enforcing their rights... (wishful thinking I know)

    However, California has a ballot initiative process that gives California citizens a way to propose laws and constitutional amendments without the support of the Governor or the Legislature, so maybe the law could be amended through that process.

  • Moved overseas so will the Internet "scammers"....

  • I reckon legally enshrining the hoovering up as much personal data as one can was the sole and primary aim of this legislation.

  • (Company) now explains that when anyone opts out of data sales under CCPA, it will also ask them to delete their associated accounts and all personal information."

    That's exactly what we want, delete all our data forever when we demand it, and if your business model requires you to spread data all over the place, or even out of your dentist's office to third-party CRM and accounting cloud software, robodialers, and billing companies, you better well disclose it before we give you that data!

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...