The CCPA’s “Do Not Sell My Personal Information” Provision
The state of California has come up with a unique solution to deal with data privacy concerns of its citizens by including a “Do Not Sell My Personal Information” provision in the CCPA. This lets consumers deny or withdraw consent to businesses who might otherwise use their data for profit or research purposes
The state of California has come up with a unique solution to deal with data privacy concerns of its citizens by including a “Do Not Sell My Personal Information” provision in the CCPA. This lets consumers deny or withdraw consent to businesses who might otherwise use their data for profit or research purposes.
How should businesses respond to this?
The “Do Not Sell My Personal Information” provision can be a challenge for businesses who rely heavily on monetization of data, or are completely dependent on user data. But with the appropriate amount of consideration, businesses can adjust without a severe blow to their operations.
To ensure best practices are being followed, businesses can assign a Data Protection Officer, an individual who will supervise privacy concerns of users. Having a DPO in place will strengthen the trust between the user and company, and protect the business from stark consequences of violating the CCPA.
Companies can take the following steps to prepare for the CCPA’s requirement:
- First, you need to identify whether your company falls under the CCPA’s regulatory restrictions. There’s more about the criteria for who is covered here.
- After this, the company should inspect all the ways they collect data and thoroughly examine each process. They must disclose to their consumers all the different ways in which they collect and monetize user data in the company privacy policy.
- To insure transparency in the web experience, the CCPA has asked the companies to clarify a disclosure at or before the point of data collection. Companies must therefore consider the need to restructure their websites to adhere to these regulations.
- Furthermore, companies should ensure they link to the “Do Not Sell My Personal Data” page on their homepage and in the privacy policy. The CCPA explicitly stipulates that users should be able to file a “Do Not Sell My Information” request without creating an online account. The company should also be prepared to handle customer requests and address them within 45 days.
- Lastly, to function smoothly even after abiding by the CCPA, a company should examine its clientele. Does it make sense to have a separate web property for California consumers? Or does it make the most sense to overhaul all company properties to be CCPA-compliant event though consumers from other states will visit? This is a business decision unique to each company, but it’s worth noting that lots of prominent companies (like Microsoft, for example) have committed to honoring the CCPA standards nationwide.
These are the steps which can be taken by the companies in order to build a reliable consent management platform so that they can function without legal hindrances from the CCPA and consumers.
Ethyca Team
Consent Management in Fides 2.0
Read MoreIntroducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Key Points From Ethyca’s First P.x Session
Read MoreEthyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
Seen And Heard At SOUPS 2022
Read MoreWe enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
How Do Software Engineers Feel About Data Privacy?
Read MoreAt Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
Convenience Is Not The End-Goal Of Privacy Legislation—In The UK Or Anywhere
Read MoreThe UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Seen And Heard At PEPR 2022
Read MoreOur team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
Ready to get started?
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo