New consumer privacy law in California, getting closer to the GDPR?

On January 1, 2020, the new consumer privacy law will come into effect in California or CCPA (for its acronym in English), will allow, among others, that residents of that state can view, delete and stop the sale of their data personal, but the truth is that there are still many doubts regarding its application, the main one: What practices should be considered selling data?

As noted The New York Times (TNYT), privacy and security experts from different companies are not yet clear about the actions they must take to comply with the new standard, but the issue is so complex that companies such as Oracle or T-Mobile are not willing to air such discussions in public let alone give details about the compliance action plans that should be applied. The CCPA applies to companies that exchange personal data of their consumers for money or other compensation.

As an example, the company Evite, which provides online invitation services, stated that it would grant its users the option that their information is not shared with third parties for advertising purposes, while another company that provides the search engine service of jobs stated that if its users did not want their information (resumes and others) to be shared with third parties, they would be invited to delete their account on said employment platform. It is worth remembering that since 2018, Evite has stopped selling data that segmented its customers according to their preferences (food enthusiast, alcohol enthusiast, etc.), but certainly, this was not enough to comply with the new CCPA .

Implications for the rest of the US? Microsoft said the changes they will make will be applicable to all its users in the country, not just the residents of the state of California.

According to Xavier Becerra, California's attorney general, this new rule will cause companies to understand that only because the data of their users is in their possession for the business model they manage, ownership and control over them should always remain in consumers

In this regard, Google introduced a new system for its advertising services customers that restricts the use of consumer data for commercial purposes and also enabled the option for advertisers to limit the use of personal information of users who have selected the option "do not sell my data". Facebook, on the other hand, declared that "they do not sell data" and motivated their advertisers to choose the path to better comply with the CCPA. While Uber implemented the option so that its users of the shared transport service choose not to share their information with Facebook for advertising purposes.

- Advertising Notice-
Marilú Lazo
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). Director of The Crypto Legal Blog, she has experience in corporate advice, consumer protection, as well as in matters of personal data protection and new technologies.


1,954Happy fans


*All fields are required
es Spanish