California passed a data privacy law that increases privacy protections for the fifth largest economy in the world. The California data privacy law will protect nearly 40 million people while also covering $3.2 trillion in economic output, as this landmark law will go into effect in 2023.
The California privacy law will have a ripple impact across the United States, as the country doesn’t have a nationwide privacy law. Many businesses will choose to increase these privacy protections for all users instead of creating privacy patchwork solutions for different states. Ultimately, this is much easier to implement, and it’s also more economical.
Prop 24 Explained
Understanding California proposition 24 is important for anyone working with connected devices or in the tech industry. Companies will have to learn a brand new set of regulations, as California Prop 24 replaces the California Consumer Privacy Act (CCPA). Here are a few key items to remember to help you understand this landmark data privacy law.
1) Enforcement of Data Privacy
The passing of Prop 24 will result in the United States’ first government watchdog focused on data protection and privacy. The Privacy Protection Agency will have a $10 million annual budget, which helps them to enforce privacy protections, which was not possible under the previous CCPA.
Companies that leak data on purpose or by accident will be forced to pay a $2,500 fine per violation. The cost of these violations will also triple if it involves the privacy of minors, which results in a business paying $7,500 for each violation. Organizations will need to be much more careful in capturing data for anyone under the age of 15, or they risk paying these significant fines.
Unfortunately, the threat of these fines is a gold mine for hackers. Bad actors in Europe are already forcing companies to pay ransomware schemes to avoid paying the fines for these data breaches. These malicious attacks will most likely shift to the United States due to the California privacy law. Now is a great time for companies to look at ways to shore up their defenses to avoid the chance of a data breach.
The days of voluntary compliance are now over, as it’s important to begin preparing for the California Prop 24 law that goes into effect in a couple of years. Companies will need to develop a plan to verify data collection, tracking, and methods of storage to ensure you have significant internal controls and well-defined documentation.
2) The End is Near for Cookies
Cookies are small files that track users on the internet, as they were initially used to enhance the user experience. However, these cookies eventually evolved into invasive trackers that resulted in a significant invasion of privacy, often without any permission from the user.
The California data privacy law will most likely end this dynamic and provide much greater protection for user privacy. Companies need to find new ways to gain insight into user behavior while still keeping each person anonymous. Businesses can no longer expect to know all of these details about consumers without gaining permission. The market will need to evolve into using new innovations to gain data in helpful ways while still maintaining user privacy.
Many people are fine with this kind of anonymous collection of data, which is also known as “differential privacy,” which sets up a data collection framework that gathers information as a whole without identifying individuals. This method allows for data sharing across geographical borders while still maintaining compliance with privacy laws.
3) Data Privacy Strategy
Artificial intelligence can play an important role in developing a data privacy strategy by rapidly segmenting and sorting user data to avoid any privacy violations. The use of artificial intelligence can also still provide personalization benefits while only keeping the necessary information to keep data collection to a minimum.
Using the full capabilities of artificial intelligence to process a massive amount of data can enhance precision while also reducing the amount of human intervention to maintain a data privacy strategy. Both of these factors will be crucial in processing such a large amount of information. The California privacy law will most likely accelerate innovation and investment in the near future. Businesses will need to focus on maintaining data privacy while capturing information to avoid any violations.
Strategically implementing artificial intelligence will allow you to sort and store a massive amount of information while still preserving privacy and complying with California Prop 24.
4) Monitor Compliance Thresholds
The California data privacy law modifies the compliance thresholds in two different ways. First, sharing information is now considered selling. Your business must stay in compliance with the California data privacy law if you share data with any third parties for commercial use.
Secondly, the California privacy law doesn’t apply to any organizations that sold, shared, or purchased data from less than 100,000 customers each year. This is an increase from 50,000 households, which is a great thing for any startup company. However, startups can often cross this threshold without even realizing it if they are not careful.
However, companies with over $25 million in gross revenue from the previous year will still need to follow the California privacy law. These thresholds also still apply if you share common ownership with sister brands. You should avoid trying to circumvent these regulations by creating subsidiaries unless they are standalone companies.
5) Make Changes Now to Prepare for the Future
California Prop 24 now adds data sharing limits, which weren’t covered by the previous CCPA. While this is a step in the right direction, consumers will want more than just limiting how companies collect and share their information. Companies need to look at ways to navigate these challenges by creating user-centric privacy options that empower clients instead of organizations.
Customers will need more transparency and control, as four out of five clients will share more of their data if companies are more transparent on how it’s used. According to the National Privacy Survey, most Americans prefer a national privacy law while also wanting the right to create an expiration date for using their personal information.
All of these privacy innovations may sound complex to implement, but data expiration makes it possible for clients to determine their privacy parameters on a case-by-case basis. Ultimately, this helps to earn client loyalty by offering control and transparency.
How to Future Proof Your Company for a National Privacy Law
California Prop 24 will likely lead to many conversations about privacy regulations on the federal level. No one yet knows if politicians will begin to prioritize a national law or if California will lead the way in data privacy.
Now is a new age for data privacy in the United States. Everyone deserves a right to privacy in our digital world, as companies need to evolve to focus on both privacy and making a profit. Instead of being an idealistic dream, it’s one of the most exciting challenges for businesses in the coming decade.
The new framework for privacy will become an accelerant for a more user-friendly approach across the digital world. Over time, these business models will get stronger while also strengthening the bonds with each customer. Data privacy laws are a win-win for everyone, as businesses now must put in the additional work for a changing future.
Related DAC Content