{"id":6417,"date":"2019-10-25T11:10:53","date_gmt":"2019-10-25T15:10:53","guid":{"rendered":"http:\/\/ncjolt.org\/?p=6417"},"modified":"2020-06-04T20:52:24","modified_gmt":"2020-06-04T20:52:24","slug":"regulating-privacy-how-californias-privacy-law-may-affect-consumers","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/regulating-privacy-how-californias-privacy-law-may-affect-consumers\/","title":{"rendered":"Regulating Privacy: How California's Privacy Law May Affect Consumers"},"content":{"rendered":"\n

\u00a0\u00a0\u00a0\u00a0 We all know how easy it is to accept a company\u2019s privacy policy. One click, the \u201caccept\u201d button turns green, and we are free to use the technology without a further thought. A 2017 study<\/a> found that more than 90% of people accept privacy policies without more than a glance. Most of us do so for two reasons \u2013 we do not have the time to read the entirety of the policy or we know that refusing to accept the policy means we will be unable to access whatever we are seeking to use. Does this place the onus on the consumer, to be more selective in the choices they make regarding technology usage? Or should companies be held responsible for making privacy policies difficult to understand and technology inaccessible? Do individual consumers retain any market power in this setup?<\/p>\n\n\n

     Federal Trade Commission (FTC)\nCommissioner Rohit Chopra explained the dangers of allowing companies to\nmaintain control over data in an October 18 hearing<\/a> in front of a House antitrust\nsubcommittee. He pointed out that \u201ccompanies can use their market power to\nchange terms of service to enhance data collection efforts\u201d. Essentially,\nChopra argues that changes in privacy policy are a price hike, with the cost\npaid by the consumer\u2019s data. <\/p>\n\n\n

\u00a0\u00a0\u00a0\u00a0 The state of California has decided that cost is too high to continue allowing companies unfettered access to data without regulation<\/a>. These regulations will be used to enforce California\u2019s Consumer Privacy Act (CCPA) which was passed to give individuals control over their data \u2013 they can request their data be deleted and can choose to \u201copt out of having their information sold to a third party.\u201d While the cost<\/a> of this legislation is expected to be upwards of $50 billion, the necessity is clear \u2013 \u201cAmericans should not have to give up their digital privacy to live and thrive in this digital age.\u201d <\/p>\n\n\n

\u00a0\u00a0\u00a0\u00a0 What rights would consumers seek if they were given a choice? Would they want access to market power as individuals or would consumers be grouped as a whole in order to balance their strength against the strength of businesses? The four basic rights<\/a> the CCPA grants are the right to know, to delete, to opt-out, and to non-discrimination. The first three are essentially self-explanatory \u2013 they concern how information is used and what this means for consumers. The fourth right \u2013 the right to non-discrimination \u2013 specifies that a company may not discriminate against a consumer who \u201cexercises a privacy right under CCPA.\u201d <\/p>\n\n\n

     Importantly, it is the requirements<\/a> of business under CCPA that\nprovides the legal basis for compliance under the Act. For instance, to comply\nwith a consumer\u2019s right to opt-out, a business must<\/em> (per the draft regulations)\ntreat requests that indicate the choice to opt-out as valid. Further, if a\nbusiness is offered financial incentives to retain or sell a consumer\u2019s data,\nthey must disclose the incentive offered and \u201cexplain how they calculate the\nvalue of the personal information\u201d. This speaks to Commissioner Chopra\u2019s\nconcern regarding the lack of market power of consumers within the data\nmarketplace. However, is the explanation sufficient to give consumers actual\npower to negotiate within the marketplace? <\/p>\n\n\n

     What does California\u2019s implementation of a\nprivacy law mean for the future of privacy law? Will a national policy be more\nlikely to go into effect? Will states seek to lure companies from California\nwith the promise of less stringent data regulation? One of the proposals<\/a> supported by company\nrepresentatives is the implementation of a national privacy law, in particular,\none that mimics the General Data Protection Regulation (GDPR) in Europe. That\nregulation informs consumers how personal data is collected and used. However,\nMicrosoft President Brad Smith argues companies should not wait for a federal\nlaw to be enacted \u2013 they should take it upon themselves to protect consumer\nprivacy. He supports CCPA, particularly because its emphasis is on how\ncompanies handle data, likely providing impetus for internal policy change by\ncompanies. <\/p>\n\n\n

\u00a0\u00a0\u00a0\u00a0 Privacy law is complicated and introducing regulation will likely be an arduous process. Section 99.308 of the regulations<\/a> California is proposing relate directly to the very issues consumers face when they hit the accept button. This section aligns closely with the GDPR \u2013 consumers have the \u201cright to request that the business disclose what personal information it collects, uses, discloses, and sells.\u201d However, it\u2019s target seems to be the consumer \u2013 it is not the business that puts forward the information first; instead it is up to the consumer to seek out that information. While this process might simplify our ability to request information, does it actually offer consumers the protections they seek? <\/p>\n\n\n

Julia Prieto <\/p>\n\n\n

October 25, 2019<\/p>\n","protected":false},"excerpt":{"rendered":"

\u00a0\u00a0\u00a0\u00a0 We all know how easy it is to accept a company\u2019s privacy policy. One click, the \u201caccept\u201d button turns green, and we are free to use the technology without a further thought. A 2017 study found that more than 90% of people accept privacy policies without more than a glance. Most of us do …<\/a><\/p>\n","protected":false},"author":1,"featured_media":5793,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/6417"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=6417"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/6417\/revisions"}],"predecessor-version":[{"id":6796,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/6417\/revisions\/6796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5793"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=6417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=6417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=6417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}