Weeks Later, Confusion Still Lingers Over CCPA and Penalties for Non-Compliance
Weeks after the CCPA went into effect, many businesses and consumers continue
to be confused.
This landmark Act in California is considered to be a model for
other states as they debate and consider their own privacy legislation.
Under the Act, companies are required to provide greater transparency
concerning how they collect and use consumer data.
Although numerous amendments have been published by California
GA's office to add clarifying language, it seems there are still more
questions than answers.
Before going into law, privacy advocates hailed the CCPA as a way
for customers to get a real glimpse into how companies handle their
personal data and how those companies use consumer data to
The ‘how’ has proven difficult, since some companies have incorrect
information on their websites about CCPA and how it affects consumers.
Most companies are acknowledging requests from consumers regarding
their data but creating a new burden in their internal processes – how to
The challenge under the CCPA is the huge variance in what data
companies are required to disclose.
The main issue: Not every company is interpreting CCPA the same.
When CCPA went into effect, many companies not only mishandled
by disclosing all of the information available to consumers.
For retailers, apps and data brokers, data harvesting gives them a
However, many of the existing compliance rules are still being worked out,
leading to the current confusion. Many of the rules are still unclear
and will continue to cause confusion until there are actual penalties
issued for non-compliance.
Questions still remain around what constitutes a ‘sale’ when it comes
to data exchanges and what the standards should be for identity,
verification and how much or how little companies need to
disclose in order to avoid fines.
Enforcement of the law is unlikely to start for months and is likely to
be underfunded. In fact,the California Attorney General’s office will
have only about two dozen agents assigned to enforce the law
in a state of over 40 million people.
The shift to comply with CCPA will affect many mid-size companies, but
for many large tech giants, this law doesn’t signify much of a change.
Large companies like Facebook and Google already give customers
the option to download their data, including massive files full of every
change to their account, such as new photos and ad preferences.
Facebook has maintained it does not need to alter its practices to
be CCPA compliant, noting that many of their online activities
don’t result in the sale of consumer data.
Many tech companies are still trying to figure things out and are
counting on a grace period in order to get compliant.
Social media giant Twitter is also taking steps to ensure compliance,
but their data delivery still needs some work. According to multiple
the average consumer to access their information. The site still says
it’s working on ways to improve the experience.
Online directories, like The White Pages, are getting requests from
customers to delete information, however, there have been several
complaints that the company had not done so weeks later.
So far, it seems like most companies are doing the bare minimum
in order to say they are ‘compliant’.
Although the exact penalties for compliance still remain
questionable, it’s clear that laws like CCPA are being used as a
model for other states to follow suit.
This means that many mid-size businesses should start prioritizing
their own internal process to meet the demands of consumers
requesting their personal information.
Original Article: Washington Post