California's new privacy law is off to a rocky start

California's new privacy law was years in the making.
The law, California's Consumer Privacy Act, or CCPA, became law on January 1, allowing state residents to reclaim their right to access and control their personal data. Inspired by Europe's GDPR, the CCPA is the largest statewide privacy law change in a generation. The new law lets users request a copy of the data that tech companies have on them, delete the data when they no longer want a company to have it, and demand that their data isn't sold to third parties. All of this is much to the chagrin of the tech giants, some of which had spent millions to comply with the law and have many more millions set aside to deal with the anticipated influx of consumer data access requests.
But to say things are going well is a stretch.
Many of the tech giants that kicked and screamed in resistance to the new law have acquiesced and accepted their fate, at least until something different comes along. The California tech scene had more than a year to prepare, but some have made it downright difficult, and ironically more invasive in some cases, for users to exercise their rights, largely because every company has a different interpretation of what compliance should look like.
Alex Davis is just one California resident who tried to use his new rights under the law to make a request to delete his data. He vented his annoyance on Twitter, saying companies have responded to CCPA by making requests as confusing and difficult as possible in new and worse ways.
"I've never seen such deliberate attempts to confuse with design," he told TechCrunch. He referred to what he described as dark patterns, a type of user interface design that tries to trick users into making certain choices, often against their best interests.
"I tried to make a deletion request but it bogged me down with menus that kept redirecting things to be turned on and off," he said.
Despite his frustration, Davis got further than others. Just as some companies have made it easy for users to opt out of having their data sold by adding the legally required "Do not sell my info" links on their websites, many have not. Some have made it near-impossible to find these data portals, which companies set up so users can request a copy of their data or delete it altogether. For now, California companies are still in a grace period but have until July when the CCPA's enforcement provisions kick in. Until then, users are finding ways around it by collating and sharing links to data portals to help others access their data.
"We really see a mixed story on the level of CCPA response right now," said Jay Cline, who heads up consulting giant PwC's data privacy practice, describing it as a patchwork of compliance.
PwC's own data found that only 40% of the largest 600 U.S. companies had a data portal. Only a fraction, Cline said, extended their portals to users outside of California, even though other states are gearing up to push similar laws to the CCPA.
But not all data portals are created equally. Given how much data companies store on us, personal or otherwise, the risks of getting things wrong are greater than ever. Tech companies are still struggling to figure out the best way to verify each data request to access or delete a user's data without inadvertently giving it away to the wrong person.
Last year, security researcher James Pavur impersonated his fiancee and tricked tech companies into turning over vast amounts of data about her, including credit card information, account logins and passwords and, in one case, a criminal background check. Only a few of the companies asked for verification. Two years ago, Akita founder Jean Yang described someone hacking into her Spotify account and requesting her account data as an unfortunate consequence of GDPR, which mandated companies operating on the continent allow users access to their data.