ccpa gdpr privacy act laws

Following the General Data Protection Regulation (GDPR) enactment in the European Union (EU) in 2018, the state of California wanted to enact legislation similar to the GDPR in their state. On the first day of 2020, California’s CCPA, or the California Consumer Privacy Act went into effect seeking to protect the privacy of CA residents. CCPA provides consumers rights that relate to the access, deletion, and sharing of their personal information that is being collected by businesses. These privacy regulations aren’t stopping in California as Washington, Colorado, New York, and Massachusetts are also working on regulations that will be modeled after the CCPA. 

What Requirements Does the CCPA Have?

The CCPA requires businesses to adhere to the following:

  • Businesses must disclose data collection and sharing practices to consumers most often through a privacy policy on their website

Consumers have the right to

  • request that their data be deleted
  • opt out of the sale or sharing of their personal data
  • prohibit businesses from selling personal information
  • require explicit consent to sell personal information of minors 

According to David Oberly, an associate at a respected U.S. law firm, “The CCPA is the first of a coming tsunami of state-level privacy laws which, together, will radically shift how businesses collect, use, and protect personal data”.

What Other States are Changing Legislation?

At the end of 2019, the State of Nevada wasted no time jumping on the CCPA wave, enacting Senate Bill 220, which amended their previous legislation on online privacy, went into effect in October of 2019. The senate bill allows consumers to opt out of the sale of their personal data, very similar to the CCPA. 

Nevada and California are leading the way with their new online privacy regulations, but many others are right behind them; working to enact similar bills.

  • The State of New York has pending legislation, the New York Privacy Act (NYPA), which some believe could surpass the CCPA in terms of the rights granted to consumers with respect to their data, as well as with respect to the corresponding obligations placed on covered entities.
  • The State of Massachusetts has pending legislature that is very similar to the CCPA, ‘An Act Relative to Consumer Data Privacy’, which would be another model consumer privacy legislation if passed. 
  • The State of Washington is working on legislation that would limit the use of facial recognition.
  • The State of Colorado’s Attorney General is seeking legislative authority to hold businesses accountable for violating privacy requirements. 

As of right now, New York and Massachusetts are the next states in line for a CCPA-like legislation to be passed. Within the next few years it should be expected that all other states follow suit and enact a bill that protects consumer privacy. If not done at the state level, the federal government should step in and enact some sort of privacy requirements for businesses across the country. 

CALL TO ACTION:

If you found this article helpful, please share it with a friend who might need to better protect themselves. Also, for CyberHoot would love for you to subscribe and follow us on Social Media.

Subscribe to our newsletter here up above on the right hand side of this page.

Follow us on FacebookTwitter, or Linked-In for regular posts on Cybersecurity.

Consider signing up for a free 30-day trial of CyberHoot for you and your business.

Consider purchasing our Bootcamp series of training videos for you, your family or someone you love (it is free for individuals).

Sources:

CCPA The ‘First of Many’ State-Level US Privacy Laws On The Horizon

States Press Ahead With Privacy Laws Even as Congress Stalls

New York Privacy Act (NYPA)

An Act Relative to Consumer Data Privacy

Nevada Senate Bill 220

Data Privacy Legislation Overview in 2020 (in 3 min)