California Consumer Privacy Act And How It Changed Data Privacy Nationwide

How It Started

On June 28th, 2018, then Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law after it passed the state legislature. On July 1st of this year, it went into effect. While it only holds jurisdiction in California, the law forced sweeping national changes.

The intentions of the Act are to provide California residents with the right to:

  1. Know what personal data is being collected about them.
  2. Know whether their personal data is sold or disclosed and to whom.
  3. Say no to the sale of personal data.
  4. Access their personal data.
  5. Request a business to delete any personal information about a consumer collected from that consumer.

By enacting this law, California changed the entire face of the country and how we approach data protection. Many websites, unwilling to make special concessions for only California residents, enacted the policies to adhere to the law across their entire platform. It was easier and cheaper than trying to figure out how to isolate only California residents.

How It’s Going

One state’s law ended up creating more data protection for every citizen of the United States. But what does this mean for you?

By now, I’m sure you’ve seen the banners at the bottom of any website you visit that uses cookies. They often say things like, “by using this website you consent to the use of our cookies, click here for more information,” or some variation on that. Some sites make it easy for you to opt out of non-essential cookies. However, some sites make you write in a request to have your data deleted, making it exponentially more difficult to opt out.

And all of this sounds very confusing. Even the name, cookie, brings to mind a pleasant experience. Who doesn’t have a favorite cookie? (Side note: actual cookies are my kryptonite.) So the feeling behind the word makes us feel more at ease.

You Don’t Bake These Cookies

But what are cookies? And how are they used?

Cookies are small data files that are sent from a website’s server to your web browser, from where they are stored on your device. Their purpose can vary, but they’re often used to: 

  • Help customize a website
  • Help a visitor navigate through a website
  • Improve user experience
  • Store a visitor’s preferences and login information

Cookies can be both an essential or a non-essential part of a site, depending on their needs.

Essential cookies are actually helpful when online. They keep you logged into an account (think about your online banking timing out when you’ve been inactive too long.) They also save your customized preferences and maintain a shopping cart when you’re in the process of checking out. These all make the internet a workable tool for us to use.

Non-essential cookies, however, are a little less favorable and up for debate. These are the little nuggets that track your habits and create profiling data points on you. Have you ever searched a trip to Disneyland only to find ads for Disneyland popping up on your social media accounts? Cookies are responsible for that.

Ok, So What Do I Do?

Well, that’s a matter of personal preference. As the debate on data privacy rages on, we’re beginning to understand how our data points are being used to track and manipulate us. A tool set up to help optimize and customize our online experience is being misused to persuade us.

Listen, I know reading over this may make me sound a little like a conspiracy theorist, but there is a practical, rational argument to data protection. As internet security becomes more of a concern, so does the data we share online. The CCPA was passed to allow us more transparency and control over that data.

I can’t tell you what to do when you’re surfing the web. What I can tell you, however, is what I do. Whenever that little banner pops up, I always click on the link to take me to more information. If the option is available to disable all non-essential cookies, I do that. Every time. It takes maybe 30 seconds. If the option isn’t available, I weigh my options about how I feel that day on whether or not I’m going to continue on the site.

That sounds extremely non-committal, I know, but I’m not going to lie to you and say I never browse a site that’s strong-arming me into giving them my data. I will say that the more I learn about data mining and data points, the less likely I am to be on a site that won’t let me disable my cookie options.

Where It’s Going

I’m going to make a prediction that amendments to the CCPA are coming. I also believe that the rest of the country will adopt stricter privacy laws allowing users more control over their data. It’s my hope that all those sites making you write in to delete your data will be forced to create an easier option for users. We’re all becoming more aware of data privacy and the need for stronger rules.

In the end, it all comes down to education. The more you know about how your data is being used, the better equipped you are to make a decision on how to share it. The right to that decision belongs to you. Keep learning about how your data is being used and what your currents rights are. And, as always, stay safe out there.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles