By Nandita Bose
WASHINGTON (Reuters) – Final regulations that guide businesses and consumers under California’s new digital privacy law went into effect on Friday, marking a significant step towards giving Americans the right to request their data be deleted from e-commerce websites and social media.
The California Consumer Privacy Act (CCPA), effective since the start of 2020, oversees the data collection practices of U.S. companies and allows state residents to opt out of having data sold to third parties.
The law gives California residents the right to see the specific pieces of personal data that a company has collected on them – such as smartphone locations, voice recordings, ride-hailing routes, biometric facial data and ad-targeting data. They also have the right to know what kinds of third parties – like app developers – a company has sold that information to.
It also allows residents to see the inferences that have been drawn about them, including predictions or categorizations related to a person’s behavior, attitudes, psychology, intelligence or abilities.
The law in California, which has a population of close to 40 million, impacts roughly one in ten Americans.
The law covers tech platforms, ride-hailing services, retailers, cable TV companies, mobile service providers and others that collect personal data for commercial purposes, including Facebook Inc
It also covers companies collecting the personal information of 50,000 people or more every year, as well as businesses with annual revenues above $25 million.
The privacy bill was passed in June 2018 with a compliance deadline of Jan. 1, 2020. Since then many businesses have added “Do Not Sell My Info” links to their websites and signage in stores. https://reut.rs/3kN8MzW
Indications of how the state will handle enforcement will be tracked closely as companies continue to invest in compliance.
(Reporting by Nandita Bose in Washington; Editing by Chris Reese and Sonya Hepinstall)