Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Why California Data Privacy Law Promises Chaos by 2020

    By
    Wayne Rash
    -
    June 29, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Data.Privacy

      BEDFORD HILLS, Va. — The new data privacy law passed in California on June 28 is that state’s attempt to rectify the excesses revealed by Cambridge Analytica and other organizations lately in which consumer information was used, sold and frequently ravaged without consent. The California Consumer Privacy Act of 2018 imposes some requirements on companies in the state that dramatically change the way consumer information is handled.

      The CCPA, is it’s becoming fondly known, closely follows the EU’s recently enacted GDPR (General Data Protection Regulation) in that it gives people access to the information that companies have stored, enables them to opt out of having their data shared and includes the EU’s concept of the right to be forgotten. The law also allows companies to compensate people for the sale of their data, and it provides for enforcement by the state attorney general.

      As one might expect, the tech industry has vowed opposition to the new law–sort of. Facebook is already saying that it is in compliance. Other companies are suggesting that the new law might mean the end of the internet, perhaps a real inconvenience, or both. But in reality, it’s neither.

      Not All That Different from GDPR

      For most large tech companies, the differences between the CCPA and the GDPR are minor. Other than the parts of the GDPR that govern where data is stored, and the draconian penalties the GDPR places on noncompliance, a company that already complies with the GDPR should have no problems complying with the CCPA.

      While the CCPA applies only to California citizens, its reach is far broader than that. First, companies of any size–the targets of the CCPA–operate in places beyond California, and it’s unlikely that they’ll have one set of procedures for Californians and another for everyone else. Second, it remains to be seen how this law will affect companies that aren’t located in California but do business there, although it’s probably safe to assume that the California’s AG will say that it does apply to them.

      “California’s law will raise the bar significantly, and this won’t be the last time it’s raised as states seek to emulate the EU’s new General Data Protection Regulation (GDPR),” Robert Cattanach, a partner at the international law firm Dorsey & Whitney, who practices cybersecurity and data privacy law, said in a media advisory. “This measure is likely to increase litigation as more consumer rights are created and expanded. That said, it is a compromise. Had the initiative passed, it had the potential to create even more significant problems for businesses and tech companies.”

      Patchwork of State Laws Could Become a Big Problem

      Cattanach isn’t the only one who is predicting that the CCPA will have an impact on states. Unfortunately for the tech industry, it’s unlikely that those states will simply pass their own versions of California’s law. What’s much more likely to happen is that each U.S. jurisdiction will pass its own law with its own privacy provisions. To some extent those laws will follow what the EU and California have done, but local interests are certain to result in legislation that adds restrictions, reporting requirements or new consumer rights.

      The result is going to be a patchwork of statewide laws with which each company doing business in those states must comply. What’s worse is that there will be independent reporting requirements, different enforcement methods and wildly different penalties for non-compliance.

      Another way to describe that result is “chaos.” The tech industry will either have to start depending on location services so that it knows where each user’s data is during the course of each transaction, or it’s going to have to start excluding (wherever possible) states with regulations that it deems too onerous.

      That in turn means that small states with strong privacy rules may find themselves without some services. After all, a small business without the resources to determine the rules in each state may well decide that the risk isn’t worth it. This is not unlike the situation those businesses are dealing with, now that the U.S. Supreme Court has said that states and localities can demand sales tax from ecommerce companies.

      New Cottage IT Industry Around Regulation Services Could Arise

      While there will potentially be a service that will be able to help those companies determine jurisdictional rules–and do it automatically–it seems unlikely that smaller companies will want to add this cost to their bottom line.

      But there is an alternative. The U.S. Congress could show some leadership and produce privacy legislation that applies to the entire nation and preempts state privacy rules. Assuming that such legislation is at least compatible with the GDPR, companies in the U.S. would be able to comply. There may be a set of rules for the U.S. and another for the EU, but if they have basically the same requirements, it would be possible for businesses to comply.

      The problem, unfortunately, is that Congress has shown no indication to act. There’s been discussion of a U.S. privacy law for years now, and following the GDPR and Cambridge Analytica, that talk has seemed more urgent, but there’s a great distance between talk and action.

      Enactment is Still Two Years Away, So Anything Can Happen

      If there’s a saving grace to the CCPA, it’s that the law doesn’t take effect for two years. This means that there’s a possibility that Congress can focus on some national legislation that is badly needed by the tech industry and other businesses where ecommerce has changed everything. A privacy law is just one part of that; so is some sort of national sales tax law. There will be others.

      But the other choice is to let tech companies become overwhelmed in a sea of conflicting regulations, so that only the largest companies survive.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×