California’s Consumer Privacy Act (CCPA) came into effect on January 1, 2020.
The landmark privacy bill is now the strictest privacy law in the United States and will have big implications for U.S consumers and businesses; CCPA represents a significant step forward into data privacy protections.
CCPA only applies to companies that collect data on more than 50,000 consumers, earn a gross annual revenue of more than $25 million, or make more than 50 percent of their revenue from selling consumer data.
CCPA will also require companies to disclose to California consumers what information they are collecting, why they collect it and what third parties they share it with. In addition, they must honour all consumer requests to have their data deleted.
Companies are also banned from changing their prices or level of services for consumers who opt out of their data being sold.
Unlike the European Union’s General Data Protection Regulation (GDPR), any company found violating CCPA can face fines of up to $7,500 per personal infraction, and $2,500 for accidents.
Although the bill has come into effect now, the law will not start being enforced until July 1st 2020.
Microsoft and Mozilla have already pledged to apply CCPA to their entire user-bases despite CCPA only protecting California residents.
Mozilla will now allow users to request that Mozilla delete Firefox telemetry data stored on its servers; this will include how many tabs were open and browser session lengths.
Alan Davidson, VP of global privacy, trust and security at Mozilla said: “We’ve decided to go the extra mile and expand user deletion rights to include deleting this telemetry data stored in our systems.”
“To date, the industry has not typically considered telemetry data ‘personal data’ because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.”