Skip to content

Resources

Push for data privacy increases

Gavel to Gavel

published in The Journal Record | June 6, 2019

Every minute more than 500,000 photos are shared on Snapchat, 4 million users watch a YouTube video, and 456,000 tweets are sent. Yet, more surprising to some is how personal information is used online without a post through things like targeted advertising and automated collection. So, as the internet becomes a constant occurrence in our lives, there is a growing debate on how data should be collected and protected online.

Into this debate comes the California Consumer Privacy Act. Currently scheduled to go into effect in January, California’s law would be a shift in U.S. data privacy law to something similar to the European Union’s General Data Protection Regulation, which took effect last year.

How does a California law affect Oklahoma businesses? If you collect large amounts of information from California residents or do over $25 million in revenue, you may be subject to the law. Even if you do neither, proponents believe that the CCPA will set a standard for companies operating nationwide. Opponents argue that data privacy regulation is better left for federal law to avoid differing state standards. No federal privacy law appears forthcoming, however, and at least nine other states are considering their own versions of the CCPA.

While protecting user information may not be new, the subject of the debate comes with what some argue are ambiguous requirements and overly broad scope. Under the CCPA, companies must provide a conspicuous opt-out for sales of personal information and be transparent on how that information is collected and used; however, personal information is broadly defined to include IP addresses, geolocation, and internet usage data, and a sale may include actions such as disclosing and disseminating.

Aside from a debate on scope, lawmakers, lobbyists and experts also disagree on key aspects of the law with only seven months away from enactment. For example, the CCPA is currently an opt-out law, but a proposed amendment would change it to require opt-in consent for any use of personal information. Lawmakers also disagree on enforcement and who is eligible to bring a lawsuit for violations – only the state attorney general, or consumers through class-action litigation for any violation – which is also the subject of a pending amendment.

What started in the EU may be making its way to the United States. As a push for privacy increases, businesses should review what personal information they collect, how that information is used, and whether online terms of use and agreements are consistent with that collection and use.

This article appeared in the June 6, 2019, issue of The Journal Record. It is reproduced with permission from the publisher. © The Journal Record Publishing Co.