phone 866-652-5003 Login
Feb 13th 2020

Weeks Later, Confusion Still Lingers Over CCPA and Penalties for Non-Compliance

Weeks after the CCPA went into effect, many businesses and consumers continue

to be confused.

This landmark Act in California is considered to be a model for

other states as they debate and consider their own privacy legislation.

Under the Act, companies are required to provide greater transparency

concerning how they collect and use consumer data.

Although numerous amendments have been published by California

GA's office to add clarifying language, it seems there are still more

questions than answers.

Before going into law, privacy advocates hailed the CCPA as a way

for customers to get a real glimpse into how companies handle their

personal data and how those companies use consumer data to

generate profits.

The ‘how’ has proven difficult, since some companies have incorrect

information on their websites about CCPA and how it affects consumers.

Most companies are acknowledging requests from consumers regarding

their data but creating a new burden in their internal processes – how to

manage it.

The challenge under the CCPA is the huge variance in what data

companies are required to disclose.

The main issue: Not every company is interpreting CCPA the same.

When CCPA went into effect, many companies not only mishandled

customer inquiries but also failed to update their website privacy policy

by disclosing all of the information available to consumers.

For retailers, apps and data brokers, data harvesting gives them a

competitive edge.

However, many of the existing compliance rules are still being worked out,

leading to the current confusion. Many of the rules are still unclear

and will continue to cause confusion until there are actual penalties

issued for non-compliance.

Questions still remain around what constitutes a ‘sale’ when it comes

to data exchanges and what the standards should be for identity,

verification and how much or how little companies need to

disclose in order to avoid fines.

Enforcement of the law is unlikely to start for months and is likely to

be underfunded. In fact,the California Attorney General’s office will

have only about two dozen agents assigned to enforce the law

in a state of over 40 million people.

The shift to comply with CCPA will affect many mid-size companies, but

for many large tech giants, this law doesn’t signify much of a change.

Large companies like Facebook and Google already give customers

the option to download their data, including massive files full of every

change to their account, such as new photos and ad preferences.

Facebook has maintained it does not need to alter its practices to

be CCPA compliant, noting that many of their online activities

don’t result in the sale of consumer data.

Many tech companies are still trying to figure things out and are

counting on a grace period in order to get compliant.

Social media giant Twitter is also taking steps to ensure compliance,

but their data delivery still needs some work. According to multiple

users, Twitter is sending users a JavaScript file, making it difficult for

the average consumer to access their information. The site still says

it’s working on ways to improve the experience.

Online directories, like The White Pages, are getting requests from

customers to delete information, however, there have been several

complaints that the company had not done so weeks later.

So far, it seems like most companies are doing the bare minimum

in order to say they are ‘compliant’.

Although the exact penalties for compliance still remain

questionable, it’s clear that laws like CCPA are being used as a

model for other states to follow suit.

This means that many mid-size businesses should start prioritizing

their own internal process to meet the demands of consumers

requesting their personal information.

Related Content:

How Do List Owners and Data Brokers Comply with CCPA?

The Basics Regarding CCPA (California Consumer Privacy Act)

The Full CCPA text

What is the California Consumer Privacy Act (CCPA)?

Original Article: Washington Post