The California Consumer Privacy Act became law Jan. 1, but the actual process of drafting the regulation continues, with a final version expected before the July 1 enforcement date.
After requests from data privacy and cybersecurity experts for additional clarity in the law, the California Attorney General’s office released some of the first major proposed updates to the CCPA, with implications for both consumers and companies.
One of the more significant proposed updates to the data privacy law is a clearer definition of “personal information” in a new section, “Guidance Regarding the Interpretation of CCPA Definitions.” The key takeaway, according to a VentureBeat
The proposed updates clarify how consumers will receive opt-out and other data privacy notices, and specify how, and when, companies will deliver a consumer’s request for data. New exceptions to the rule are listed out for businesses, specifically when it comes to responding to a consumer’s request to know what personal information has been collected about them, their children and their devices. Similarly, the update adds some color to when service providers can retain, use, or disclose personal information.
Many companies may struggle to keep pace with the proposed CCPA revisions, and with future regulations. To prepare for these changes, organizations might start by assessing their own data structures and separating what they’re asking of customers from what’s being tracked without consent.
A DigitalCommerce360 article suggests businesses should consider how much of the information they collect is necessary, and will realistically benefit the consumer experience, as opposed to what’s being captured simply for the sake of being captured.
Balancing a personalized consumer experience with data protection may be particularly tricky for some companies, especially retailers. Companies may need to ramp up their transparency by informing consumers of privacy policy changes, and educating them on how to control their personal data to cultivate trust and retain interest among consumers.
States including New York and Nebraska are moving forward with privacy legislation, as are India and other countries. With data privacy top-of-mind both in the U.S. and abroad, consumers are sure to continue to voice their concerns.
To stay ahead of future data privacy laws and maintain consumer trust, companies will be wise to work toward CCPA compliance. Pursuing a consumer-first approach while prioritizing data organization and data policy transparency could be keys to success.