Is CCPA the start of a new privacy wave?
Mark Cuban famously once declared that data is the new oil. A modern-day Gold Rush quickly followed as tech companies attempted to hoover up as much online data across multiple devices and sell it to the highest bidder.
Every swipe on a smartphone screen, click of a mouse, and online search helps businesses build a profile and provide you with personalized experiences you crave. But at what cost? Behind the buzzwords, there is no escaping the fact that our data is driving today's data-driven economy and generating extreme wealth for tech companies.
The Digital Frontier of Personal Data
We are all tracked by the websites and apps that we use each day, sometimes without our consent. The world's biggest data breaches can also be tracked online and highlight the scale of the problem. Unsurprisingly, support for privacy and data protection has entered the mainstream. The wild west days of the internet are coming to an end. The regulators are riding into town with data privacy at the top of their agenda.
In Europe, The General Data Protection Regulation (GDPR) forced businesses to overhaul how they process and handle data. Those that failed to meet the requirements of the new law could face a maximum fine of up to 4% of annual global turnover or €20 million. South Korea, India, Argentina, and many more countries have also added new privacy regulations too.
The global community is beginning to question the tech ecosystem of companies that are exploiting their data. In the United States, many wondered how long it would be until regulators adopted a similar system to protect the privacy of its citizens. But all that changed on January 1st, 2020, with the California Consumer Privacy Act (CCPA).
What Is CCPA?
Much like GDPR, the California Consumer Privacy Act is a brave attempt to reign in businesses and makes them accountable for their actions in the data-driven economy. In a new era of trust and transparency, companies must disclose their data collection strategies and sharing practices with their customers.
The legislation puts the customer back in control of their data. Users will have the right to request that an organization deletes their information and prevent the sale or sharing of their personal data to third parties.
The law protects everything from your browsing history, personal characteristics, location information, and even biometric data. Unlike GDPR, the slightly softer approach does not insist that businesses have a valid reason for processing data or minimize the quantity of data they collect.
A New Digital Landscape of Opportunity
Although we live in a digital age where technology dominates every aspect of our lives, there are still many lessons we can learn from our analogue past. During the 1849 California Gold Rush, prospectors digging for gold seldom struck it rich. The real money was made by quick-thinking opportunists selling shovels, jeans, tents, pickaxes, and other essential supplies.
As companies of all sizes begin to make sense of the new CCPA legislation, many will anxiously enter panic mode. Others will immediately attempt to throw money at the challenges ahead and make it somebody else's problem.
As a result, we can expect start-ups, consultants, and law firms to grab a slice of the $55 billion that companies are expected to part with to secure compliance. CCPA will provide challenges and opportunities in equal measure depending on what side of the fence you find yourself or your business.
Why CCPA Is the Beginning of The End for The Wild West of Data
CCPA is not just a wave of change. It represents a tsunami of new US privacy laws that will follow. Eventually, it will go on to impact how every business will collect, store, and use personal data. For many in the US, this will be the watershed moment where the regulators start clearing up the wild west of data.
As the GDPR-style privacy law faces initial challenges in California, other states will be watching very closely. Many will be looking to learn lessons from the Golden State before designing and implementing their own version around the blueprint of CCPA.
Microsoft has already announced plans to implement the provisions to be CCPA-ready not just in California, but for all its customers. Google announced it would eliminate third-party cookies from Chrome, and Apple also revealed it was doubling down on privacy too. These are just a few examples of how attitudes are already changing and how regulators have tech companies firmly in their sights.
The Future of Data Privacy
Google knows first-hand what it's like to be on the wrong side of antitrust regulators. The tech giant was faced with combined fines of $9.5 billion by the EU. Preparing for CCPR is not just about weathering a privacy storm. It's much bigger than that.
Here in 2020, both legislators and businesses are desperately searching for a solution to tackle the problem of data privacy in a digital age. Some will predictably attempt to resist or fight the changes. But as conversations around privacy dominate the global stage, many will quickly realize that it's easier to swim with the tide rather than against it.
Although the pace of technological change feels like it is accelerating at breakneck speed, the reality is genuine change moves quite slowly. For example, it has been reported that only 28% of firms around the world can claim to be GDPR-compliant.
CCPA is not the first privacy rule that business leaders will have to get to grips with, and it won't be the last. Eventually, we can hope that all nations will agree on a single GDPR style standard to meet the demands of the global community.
Businesses are starting to include data privacy in their security strategy. But we are just at the beginning of this journey. In ten years, we will look back at 2020 as the moment where the world started to take privacy seriously and force the biggest tech companies to play by a new set of rules.
We have a long journey ahead of us. But we are witnessing the beginning of the end for the wild west days of Big Data and that can only be a good thing.