800+ IT
News
als RSS Feed abonnieren๐ How Tech Companies Could Skirt California's Strict New Privacy Law
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: yro.slashdot.org
Forty million Californians "will soon have sweeping digital-privacy rights stronger than any seen before in the U.S.," reports the Associated Press, saying the new law taking effect Wednesday "might end up serving as a de facto national standard." "Early signs of compliance have already started cropping up in the form of 'Don't sell my personal information' links at the bottom of many corporate websites..." But there are catches galore. The law -- formally known as the California Consumer Privacy Act, or CCPA -- seems likely to draw legal challenges, some of which could raise constitutional objections over its broad scope. It's also filled with exceptions that could turn some seemingly broad protections into coarse sieves, and affects only information collected by business, not government. For instance, if you're alarmed after examining the data that Lyft holds on you, you can ask the company to delete it. Which it will legally have to do -- unless it claims some information meets one of the law's many exceptions, among them provisions that allow companies to continue holding information needed to finish a transaction or to keep it in a way you'd "reasonably expect" them to. "It's more of a 'right to request and hope for deletion,'" says Joseph Jerome, a policy director at privacy group Common Sense Media/Kids Action. A more fundamental issue, though, is that Californians are largely on their own in figuring out how to make use of their new rights. To make the law effective, they'll need to take the initiative to opt out of data sales, request their own information, and file for damages in the case of data breaches... State residents who do make that effort, but find that companies reject their requests or offer only halting and incomplete responses, have no immediate legal recourse. The CCPA defers enforcement action to the state attorney general, who won't be empowered to act until six months after the law takes effect. When the state does take action, though, it can fine businesses up to $7,500 for each violation of the law -- charges that could quickly add up depending on how many people are affected... Among other limitations, the law doesn't really stop companies from collecting personal information or limit how they store it. If you ask a company to delete your data, it can start collecting it again next time you do business with it. The article also provides another example of "unintended consequences and even corporate attempts to discourage people from using the law. "The job-search site Indeed.com, for instance, now explains that when anyone opts out of data sales under CCPA, it will also ask them to delete their associated accounts and all personal information."
Read more of this story at Slashdot.
...