What are my rights under the California Consumer Privacy Act (CCPA)?
–– 6 Nov 2019
California knows how to party. The Californian Consumer Privacy Act, or CCPA, is a new regulation similar to the European Union’s General Data Protection Regulation (GDPR) that is giving California citizens greater power and control over their personal data.
If you are a Californian citizen and a customer of any US-based organisation (above certain financial thresholds) and they hold personal data on you, then they must comply with this regulation.
In this post, we’ll take a closer look at the six key rights under the CCPA and what they mean for Californians…
Six key rights
Right to notice 📣
The right to notice is similar to the right to be informed under the GDPR. The right to notice means businesses must inform you what personal data they collect, why they’re collecting it, and the purposes for which the data will be used. Businesses will also need to inform you before collecting personal data for new purposes.
Right to Access 🚪
Like the GDPR’s subject access request, the CCPA also covers the right to access. The right of access gives California consumers the right to request access to the personal data they hold on them.
It means the business must provide the sources which data is collected, the business or commercial purpose, any third parties which the business shares personal data with, and any specific piece of personal data the business holds about you.
Also, if a business sells personal data, or discloses it for business purposes, consumers have the right to request the categories of data sold or disclosed.
Companies must provide 2 or more means for consumers to request access to their data, such as email, toll-free number or dedicated mobile app.
Right to Opt-Out ✋
The right to opt-out gives you the right to stop the sale of your personal data to third parties. Consumers have the right—at any time—to direct businesses that sell personal information about the consumer to third parties to stop this sale, known as the right to opt-out.
Right to Request Deletion ❌
Like to right to erasure in the GDPR. The right to request deletion allows you to ask an organisation to delete the personal data they hold on you. Similarly to right to erasure, this does have some exceptions.
For example. An organisation can refuse the request if the data is necessary for detecting security incidents, exercising free speech, protecting or defending against legal claims.
Right to Data Portability 📦
Similar to the GDPR, consumers can request a free copy of their personal information in a readily usable, machine-readable format from companies which they believe hold records.
Right to Equal Services and Prices 💰
Right to equal services and prices is about protecting you from discrimination. Essentially this right means that businesses cannot discriminate against you if you exercise any of the rights under the CCPA.
For example, if you choose to opt-out of the sale of your data to third parties. A company might deny you goods or services, or they may charge you a different price or rate for the goods and services. This right stops unfair treatment and creates an equal playing field.
What the CCPA does for you 💪
In summary, the CCPA empowers California citizens with a set of rights to protect the selling and sharing of your personal data without consent. It also gives you control of your personal data that is being collected about you.
Regulations like the CCPA along with Europe’s GDPR show the importance of this overall movement. Know your data rights; companies have an obligation to respect and notify you of them, and it’s also in their own best interest, now and in the long run.