Will peo­ple use state’s ex­panded dig­i­tal pri­vacy?

Antelope Valley Press - - Front Page - By RACHEL LER­MAN AP Tech­nol­ogy Writer

SAN FRAN­CISCO — Forty mil­lion Cal­i­for­ni­ans will soon ob­tain sweep­ing dig­i­tal pri­vacy rights stronger than any seen be­fore in the U.S. — rights that could pose a sig­nif­i­cant chal­lenge to Big Tech and the data econ­omy it cre­ated.

So long as state res­i­dents don’t mind shoul­der­ing much of the bur­den of ex­er­cis­ing them, that is.

Come Wed­nes­day, roughly one in 10 Amer­i­cans will gain the power to re­view per­sonal in­for­ma­tion col­lected by large com­pa­nies around the world, from pur­chase his­to­ries and lo­ca­tion track­ing to com­piled “pro­files” that slot peo­ple into cat­e­gories such as re­li­gion, eth­nic­ity and sex­ual ori­en­ta­tion. Start­ing Jan­uary 1, they can also force these com­pa­nies — in­clud­ing banks, re­tail­ers and, of course, tech com­pa­nies — to stop sell­ing that in­for­ma­tion or even to delete it in bulk.

The law de­fines data sales so broadly that it cov­ers almost any in­for­ma­tion shar­ing that ben­e­fits com­pa­nies, in­clud­ing data trans­fers be­tween cor­po­rate af­fil­i­ates and to third party “data bro­kers” — mid­dle­men who trade in per­sonal in­for­ma­tion.

And be­cause it ap­plies to any com­pany that meets a thresh­old for in­ter­act­ing with state res­i­dents, the Cal­i­for­nia law might end up serv­ing as a de facto na­tional stan­dard. Early signs of com­pli­ance have al­ready started crop­ping up in the form of “Don’t sell my per­sonal in­for­ma­tion” links at the bot­tom of many cor­po­rate web­sites.

“If we do this right in Cal­i­for­nia,” says Cal­i­for­nia at­tor­ney general Xavier Be­cerra, the state will “put the cap­i­tal P back into pri­vacy for all Amer­i­cans.”

Cal­i­for­nia’s law is the big­gest U.S. ef­fort yet to con­front “sur­veil­lance cap­i­tal­ism,” the busi­ness

of profit­ing from the data that most Amer­i­cans give up — of­ten un­know­ingly — for ac­cess to free and of­ten ad-sup­ported ser­vices. This law is for any­one ever weirded out when an ad popped up for the prod­uct they were just search­ing on, or who won­dered just how much pri­vacy they were giving up by sign­ing into the briefly pop­u­lar face-chang­ing tool FaceApp.

But there are catches ga­lore. The law — for­mally known as the Cal­i­for­nia Con­sumer Pri­vacy Act, or CCPA — seems likely to draw le­gal chal­lenges, some of which could raise con­sti­tu­tional ob­jec­tions over its broad scope.

It’s also filled with ex­cep­tions that could turn some seem­ingly broad pro­tec­tions into coarse sieves, and af­fects only in­for­ma­tion col­lected by busi­ness, not gov­ern­ment.

If you’re alarmed after ex­am­in­ing the data that Lyft holds on you, you can ask the com­pany to delete it. Which it will legally have to do — un­less it claims some in­for­ma­tion meets one of the law’s ex­cep­tions, which al­low com­pa­nies to con­tinue hold­ing in­for­ma­tion needed to fin­ish a trans­ac­tion or to keep it in a way you’d “rea­son­ably ex­pect” them to.

“It’s more of a ‘right to re­quest and hope for dele­tion,’” says Joseph Jerome, a pol­icy di­rec­tor at pri­vacy group Com­mon Sense Media/Kids Ac­tion.

A more fun­da­men­tal is­sue, though, is that Cal­i­for­ni­ans are largely on their own in fig­ur­ing out how to make use of their new rights. To make the law ef­fec­tive, they’ll need to take the ini­tia­tive to opt out of data sales, re­quest their own in­for­ma­tion, and file for dam­ages in the case of data breaches.

“If you aren’t even read­ing pri­vacy agree­ments that you are sign­ing, are you re­ally go­ing to re­quest your data?” asks Margot Kamin­ski, an as­so­ciate pro­fes­sor of law at the Uni­ver­sity of Colorado who stud­ies law and tech­nol­ogy.

“Will you un­der­stand it or sift through it when you do get it?”

State res­i­dents who do make that ef­fort, but find that com­pa­nies reject their re­quests or of­fer only halt­ing and in­com­plete re­sponses, have no im­me­di­ate le­gal re­course. The CCPA de­fers en­force­ment ac­tion to the state at­tor­ney general, who won’t be em­pow­ered to act un­til six months after the law takes ef­fect.

Among other lim­i­ta­tions, the law doesn’t re­ally stop com­pa­nies from col­lect­ing per­sonal in­for­ma­tion or limit how they store it. If you ask a com­pany to delete your data, it can start col­lect­ing it again next time you do busi­ness with it.

The law does of­fer stronger pro­tec­tion for children, and for­bids the sale of data from kids un­der 16 with­out con­sent. “The last thing you want is for any com­pany to think that we’re go­ing to soft on let­ting you mis­use kids’ per­sonal in­for­ma­tion,” Be­cerra, the at­tor­ney general, said at a press con­fer­ence in December.

The com­ing year will pro­vide the first ev­i­dence of how much pro­tec­tion the CCPA ac­tu­ally of­fers — and how thor­oughly Cal­i­for­ni­ans will em­brace it.

As­so­ci­ated Press

With help, San Fran­cisco real es­tate de­vel­oper Alas­tair Mac­tag­gart has pro­duced a bal­lot ini­tia­tive that would let Cal­i­for­nia vot­ers im­ple­ment new pri­vacy rules.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.