California’s landmark data privacy law, which went into effect in January and gives consumers greater access and control over their personal information, will now be enforced, according to the state’s attorney general.
“Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America,” said California Attorney General Xavier Becerra, in a July 1 press release. “We encourage every Californian to know their rights to internet privacy and every business to know its responsibilities.”
The attorney general’s office says the law generally gives California consumers the following rights:
- “Right to Know – Consumers may request that a business tell them what specific personal information they have collected, shared or sold about them, and why it was collected, shared, or sold;
- Right to Delete — Consumers may request that a business delete personal information that the business collected from the consumer, subject to some exceptions;
- Right to Opt-Out — If a business sells their personal information, consumers may request that it stop doing so;
- Rights for Minors — A business cannot sell the personal information of minors under the age of 16 without their permission and, for children under 13, without parental consent; and
- Right to Non-Discrimination — A business may not discriminate against consumers who exercise their rights under the CCPA.”
For California companies to be subject to the law, they must have either a gross annual revenue of more than $25 million; handle the personal information of 50,000 or more consumers; or make 50 percent or more of their annual revenues from selling consumers’ personal information.
“The website of every business covered by the law must now post a link on its homepage that says ‘Do Not Sell My Personal Information,’” said Becerra, urging Californians to click on the link. “Remember, it’s your data. You now get to control how it’s used or sold,” he said.
As enforcement of the California law begins, calls for Federal privacy legislation continue.
“As the enforcement of CCPA takes effect today, it is clear Congress must act to create a national privacy framework that ensures consumer protections are the same across the country and provides our small businesses and innovators with much-needed certainty,” said Reps. Greg Walden, R-Ore., and Cathy McMorris Rodgers, R-Wash., who are top Republican members on the House Energy and Commerce Committee and Consumer Protection and Commerce Subcommittee, respectively. “We can build off the California experiment and enact a strong national privacy standard that better protects our constituents while not stifling the innovative services keeping us connected.”
Rep. Frank Pallone Jr., D-N.J., chair of the Energy and Commerce Committee, and Rep. Jan Schakowsky, D-Ill., chair of the Consumer Protection and Commerce Subcommittee, said in April that they would monitor privacy considerations in coronavirus tracking tools. Rep. Pallone did not have a comment at the time of the enforcement of the California law. The committee released an initial draft of legislation last December.
Privacy legislation has also stalled in the Senate despite multiple proposals and a renewed call during the pandemic from Sen. Roger Wicker, R-Miss., chair of the Senate Commerce, Science, and Transportation Committee.