California’s new privacy law is off to a rocky start

<p class = "canvas-atom canvas-text Mb (1,0em) Mb (0) – sm Mt (0,8em) – sm" type = "text" content = "California's new privacy The law was years in the making. "data-reactid =" 11 ">California's new privacy Law was years in the making.

<p class = "Canvas Atom Canvas Text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "The law, the California Consumer Privacy Act – or CCPA – was Law on January 1stThis enables citizens to reclaim their right to access and control their personal data. Inspired by the GDPR in Europe, the CCPA is the largest change in data protection law in all of Europe in one generation. Under the new law, users can request a copy of the data that tech companies have, delete the data when it is no longer needed by a company, and request that their data not be sold to third parties. All of this is very much to the detriment of technology giants, some of which had spent millions to comply with the law and set aside many millions more to cope with the expected influx of data access requests to consumers. "Data-reactid =" 12 "> The law, California’s Consumer Privacy Act – or CCPA – was Law on January 1stThis enables citizens to reclaim their right to access and control their personal data. Inspired by the GDPR in Europe, the CCPA is the largest change in data protection law in all of Europe in one generation. Under the new law, users can request a copy of the data that tech companies have, delete the data when it is no longer needed by a company, and request that their data not be sold to third parties. All of this is very much to the detriment of technology giants, some of which had spent millions to comply with the law and set aside many millions more to cope with the expected influx of data access requests to consumers.

But to say that things are going well is a stretch.

<p class = "canvas-atom canvas-text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "Many of the technology giants that kicked and screamed in resistance to the new law, their fate has admitted and accepted – at least until something else comes along, California's tech scene has had more than a year to prepare, but some have made it difficult for users and, ironically, made it more invasive in some cases to exercise their rights, mostly because each company interprets what compliance looks like differently should. "data-reactid =" 14 "> Many of the technology giants that kicked and screamed in resistance to the new law, their fate has admitted and accepted – at least until something else comes along, California's tech scene has had more than a year to prepare, but some have made it difficult for users and, ironically, made it more invasive in some cases to exercise their rights, mostly because each company interprets what compliance looks like differently should.

Alex Davis is just a California resident who has attempted to use his new legal rights to request the deletion of his information. He was angry about Twitter, saying companies responded to CCPA by making requests "as confusing and difficult as possible in new and worse ways".

<p class = "canvas-atom canvas-text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "" I've never seen such targeted attempts confuse design "he said to TechCrunch. He was referring to what he called" dark patterns "a Type of user interface design that tries to trick users into making certain decisions, often against their interests. "data-reactid =" 16 ">" I've never seen such deliberate attempts to confuse design, "he said to TechCrunch, referring to what he described as" dark patterns "a Type of user interface design that tries to trick users into making certain decisions, often against their best interests.

"I tried to make a delete request, but it overwhelmed me with menus that constantly redirect … things that need to be turned on and off," he said.

<p class = "Canvas-Atom Canvas-Text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "Despite his frustration, Davis has got ahead of others. Just like some companies made easy Many have not done so that users can refuse to sell their data by adding the "Don't sell my data" links on their websites. Some have made it nearly impossible to find these "data portals" set up by companies so that users can request a copy of their data or delete it entirely. California companies are currently on a grace period – however, they have until July before the CCPA enforcement provisions take effect. Until then, users will look for ways to work around this Compiling and sharing links on data portals to make it easier for others to access their data. "data-reactid =" 18 "> Despite his frustration, Davis has progressed beyond others, just like some companies made easy Many have not done so that users can refuse to sell their data by adding the "Don't sell my data" links on their websites. Some have made it nearly impossible to find these "data portals" set up by companies so that users can request a copy of their data or delete it entirely. California companies are currently on a grace period – however, they have until July before the CCPA enforcement provisions take effect. Until then, users will look for ways to work around this Compiling and sharing links on data portals to make it easier for others to access their data.

"We're really seeing a mixed story right now about the response from CCPA," said Jay Cline, who consults the giant PwC's privacy practices, as a patchwork of compliance.

According to PwC's own data, only 40% of the 600 largest US companies had a data portal. Only a fraction, Cline said, have extended their portals to users outside of California, although other states are willing to push laws similar to the CCPA.

However, not all data portals are created equally. Given the amount of data companies store with us – personally or otherwise – the risk of making mistakes is greater than ever. Technology companies are still trying to find the best way to review every data request, to access or delete a user's data without accidentally sharing it with the wrong person.

<p class = "canvas-atom canvas-text Mb (1,0em) Mb (0) – sm Mt (0,8em) – sm" type = "text" content = "Last year security researcher James Pavur embodied his fiancee and tricked tech companies into submitting huge amounts of data about them, including credit card information, account logins, and passwords, as well as a criminal background check in one case. Few companies asked for verification. Two years ago, Akita described Jean Yang someone who chops into their Spotify account and requesting their account information as an "unfortunate consequence" of the GDPR that mandated companies on the continent to give users access to their data. "data-reactid =" 22 "> Last year, security researcher James Pavur embodied his fiancee and tricked tech companies into submitting huge amounts of data about them, including credit card information, account logins, and passwords, as well as a criminal background check in one case. Few companies asked for verification. Two years ago, Akita described Jean Yang someone who chops into their Spotify account and request their account information as an "unfortunate consequence" of the GDPR, which has committed companies operating on the continent to giving users access to their information.

<p class = "canvas-atom canvas-text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "(Image: Twitter /@jeanqasaur) "data-reactid =" 43 "> (Image: Twitter /@jeanqasaur)

According to the CCPA, companies should verify a person's identity with an "adequate level of security". For some, this is just an email address to send the data.

Others have to send in even more sensitive information to prove that they are.

<p class = "canvas-atom canvas-text Mb (1.0em) Mb (0) – sm Mt (0.8em) – sm" type = "text" content = "In fact, i360 is a little known advertisement and data company, until recently asked California residents for a person's full social security number. This has recently been changed to the last four digits. Verizon (owner of TechCrunch) wants its customers and users to do this Upload your driver's license or status ID to verify their identity. Comcast demands the same thing, but goes one step further ask for a selfie before it shares a customer’s data. "data-reactid =" 46 "> In fact, i360, a little-known advertising and data company, until recently asked California residents for a person's full social security number. This has recently been changed to the last four digits. Verizon (owner of TechCrunch) wants its customers and users to do this Upload your driver's license or status ID to verify their identity. Comcast demands the same thing, but goes one step further ask for a selfie before it shares a customer’s data.

<p class = "canvas-atom canvas-text MB (1.0em) MB (0) – SM MB (0.8em) – SM" type = "text" content = "Comcast asks for the same amount of information to be checked a data request as a controversial face recognition startup, Clearview AI, which recently Made headlines "data-reactid =" 47 "> Comcast is asking for the same amount of information to verify a data request as the controversial facial recognition startup Clearview AI, which recently Made headlines for the creation of a surveillance system made up of billions of images taken by Facebook, Twitter and YouTube to support the law enforcement of a person's movements.

<p class = "canvas-atom canvas-text Mb (1,0em) Mb (0) – sm Mt (0,8em) – sm" type = "text" content = "As much as CCPA has caused difficulties, it has Difficulties Assisting in the creation of a whole new class of compliance startups that will help both large and small companies to cope with regulatory burdens, and several startups in the area are using the $ 55 billion that is expected to be released next year Compliance with the CCPA regulations segmentThis gives customers a consolidated overview of the data they have stored. Osano This helps companies to comply with the CCPA. and Securitiwho has just raised $ 50 million to expand its CCPA offering. With CCPA and GDPR, their services are designed to adapt to new state or state laws as soon as they come in. "Data-reactid =" 48 "> As much as CCPA has caused difficulties, it has also helped to forge an entirely new one. A group of compliance startups willing to help large and small companies cope with regulatory burdens Several startups in this area are taking advantage of the $ 55 billion that is expected to be spent next year on complying with CCPA guidelines segmentThis gives customers a consolidated overview of the data they have stored. Osano This helps companies to comply with the CCPA. and Securitiwho has just raised $ 50 million to expand its CCPA offering. With CCPA and GDPR, their services are designed to adapt to new state or federal laws as soon as they come into force.

Another startup, Mine, which allows users as brokers to "own" their data so users can easily make requests under CCPA and GDPR, had a somewhat bumpy debut.

<p class = "canvas-atom canvas-text MB (1.0em) MB (0) – SM MB (0.8em) – SM" type = "text" content = "The service is asking users to give them access to a mailbox of the user, scanning for email subject lines containing company names, and using this data to determine which companies a user can request or have their data deleted from asks for access A user's Gmail, but the company claims it will "never read" users' emails.) Last month, Mine accidentally copied some email requests to TechCrunch, so we got the names and email Can see addresses of two requesters Who wanted Crunch, a popular gym chain with a similar name, to delete their data? "data-reactid =" 50 "> The service prompts users to provide access to a user's inbox and to search for email subject lines, company names, and use that information to determine which company a company uses Users can request or have their data deleted asks for access A user's Gmail, but the company claims it will "never read" users' emails.) Last month, Mine accidentally copied some email requests to TechCrunch, so we got the names and email Can see addresses of two requestors Who wanted Crunch, a popular fitness chain with a similar name, to delete their data?

(Screenshot: Zack Whittaker / TechCrunch)

TechCrunch alerted Mine – and the two applicants – to the vulnerability.

"This was a mix-up on our part when the search engine that identified the addresses of corporate data protection offices identified the wrong email address," said Gal Ringel, co-founder and CEO of Mine. "This issue was not reported during our testing phase and we fixed it immediately."

For the time being, many startups have taken a break.

The early-stage smaller startups that don't yet generate $ 25 million in annual sales or store the personal information of more than 50,000 users or devices don't have to comply with the CCPA immediately. But that doesn't mean that startups can be complacent. As early-stage companies grow, so does their legal responsibility.

"For those who launched these portals and offer rights to all Americans, they are in the best position to be prepared for these additional states," said Cline. "Smaller companies have some benefit of compliance when their products or services are goods because they can incorporate these controls from the start," he said.

<p class = "canvas-atom canvas-text MB (1.0em) MB (0) – SM MB (0.8em) – SM" type = "text" content = "CCPA may have got off to a rough start, but time will tell whether it gets easier. Just this week, Californian Attorney General Xavier Becerra newly updated instructions published aimed to "fine tune" the rules, according to his spokesman. It turns out that even California lawmakers are still trying to find the right balance. "Data-reactid =" 73 "> The CCPA has got off to a rough start, but time will tell if it gets easier. Just this week, Attorney General Xavier Becerra in California newly updated instructions published aimed to "fine tune" the rules, according to his spokesman. This shows that California lawmakers are still trying to find the right balance.

But given the impending high fines that are only a few months away, the time for non-compliance is running out.

Here, California residents can prevent companies from selling their data





Source link

Be the first to comment

Leave a Reply

Your email address will not be published.


*