CCPA: What California’s brand-new personal privacy law indicates for Facebook, Twitter users

This story belongs to a series on the California Consumer Privacy Act. The law enters into impact on Jan. 1, 2020.

Facebook, Twitter, ConnectedIn and other social networks business gather a chest of information about their users. That’s not a surprise. We offer our birthdays, telephone number and e-mail addresses together with where we work and went to school. These tech giants understand method more about you than you may understand, including your place, the gadget you utilize and a few of your biometric attributes.

The California Consumer Privacy Act, likewise called CCPA, is developed to suppress what business can do with all that info. The law, which enters into impact on Jan. 1, comes as issues about personal privacy grow after a stable stream of scandals, like Facebook’s Cambridge Analytica information ordeal. A rigorous European law, called the General Data Protection Regulation, worked in 2015. 

Now playing:
Watch this:

California’s new privacy law: Everything you need to…

2:52

Social media companies are still interpreting California’s legislation, but they say Europe’s law has already forced them to put in place many privacy guardrails, including the right to access and delete personal data. Facebook expanded tools so users could access, download or delete their information. Still, CCPA could impact the amount of data Facebook, Twitter and other social media companies can collect about you, particularly from third parties like websites or apps. The companies will also likely make it clearer to users how their data is being shared and used. 

The passage of CCPA has fueled debate about new privacy laws and other states have already considered similar legislation. Nevada and Maine have already passed privacy laws. In November, Democrats introduced federal online privacy legislation in the Senate designed to give US consumers more control over their data. 

“The debate will inevitably increase the requirements and the burden on the social media companies as well,” said Omer Tene, vice president and chief knowledge officer at the International Association of Privacy Professionals. 

Here’s what you need to know about CCPA:

What rights do I have under the California Consumer Privacy Act?

If you’re a California resident, you’ll have the right to know what personal information businesses collect, use, share or sell, and you’ll be able to delete it. You’ll also be able to tell a business to stop selling your personal information. 

If you do, don’t worry about being blackballed. Businesses, including Facebook, Twitter and other social media networks, are barred from discriminating against anyone who chooses to exercise these rights, and business websites and apps will be required to provide a “Do Not Sell My Info” link.

The law applies to businesses with a gross annual revenue of more than $25 million. 

Sounds like a lot of work. What are social media companies doing to prepare for CCPA?

Europe’s GDPR gave social media companies a head start on complying with privacy legislation. Still, they’ve been busy updating their privacy policies. 

In December, Twitter launched a new privacy center and said updated policies would provide more clarity about how the company processes data. Some of the changes include letting users know that Twitter may combine data from its ad partners may be combined with data consumers already share with the company. 

LinkedIn also updated its privacy policies and terms of service, and it will be posting a notice so members understand their rights and how the company is complying with the law. “We’ve used CCPA as a chance to reaffirm our longstanding commitment to provide transparency and control to all our members,” Kalinda Raina, who leads global privacy efforts at the professional network, said in a statement.  

OK, so it sounds like social media companies are taking the law seriously. Will they roll out any new privacy tools to help me lock down my personal info?

Probably not. Facebook, Twitter and other social media companies already give users a lot of ways to find out what information they’re collecting. The companies’ data policies spell out the info they’re scooping up, and social media users can download a copy of that data. If you’re really paranoid, you can also take the extreme step of deleting your accounts. 

The data is hugely important to Facebook, Twitter and the other big social media companies because they use it to help businesses target ads based on user demographics, location and other characteristics. Advertising is big money for social media companies. Nearly all of Facebook‘s $17.7 billion in third-quarter revenue came from ads. About 85% of Twitter’s $824 million in revenue came from ads during the same period.

“People should be in control … of how their information is used and shared,” said Will Castleberry, who is in charge of state and local public policy at Facebook. “We remain committed to being clear with people about how our services work, including that we do not sell data.”

So does that mean CCPA will limit how much data social networks and third parties can share?

Maybe, but that’s going to depend on how the law is interpreted and applied. CCPA prohibits the sale of user data, which social networks adamantly deny doing. But the definition of a sale under CCPA is broad and doesn’t simply mean exchanging information for money. Sales can include “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration,” according to the law.

It’s unclear how that definition covers visits to websites or apps that use, for example, Facebook services, such as “like,” share or comment plug-ins. Those services are a common way for the social network to collect information about you. Twitter and other social networks have similar services. 

“Facebook needs to limit how that data is used to ensure it isn’t considered a sale,” said Jules Polonetsky, who runs Future of Privacy Forum, a Washington DC think tank focused data privacy. 

The social network told advertisers that it doesn’t plan to make any changes to its web tracking services, but some privacy experts disagreed with Facebook’s interpretation of the law, The Wall Street Journal reported in December. 

Anything else I need to know about what will happen after the law takes effect?

The law gives consumers the right to learn not only specific personal information businesses collect but also more about where they’ve gotten their data over the past 12 months. That can include types of sources such as government agencies or third parties like advertising networks. The combined information gives you a better sense of how social media companies get information about you. 

In the past, companies and regulators have clashed over privacy law. Europe whacked Google with a $57 million fine earlier this year for failing to clearly inform users how it handled their personal data. France’s National Data Protection Commission argued that the information Google provided its users was “too generic and vague.” Google planned to appeal the fine, arguing that the company had created a process that is “transparent and straightforward as possible.”

“You’re certainly going to have differences of opinion in terms of what certain things mean in the statute,” said Erin Illman, an attorney at Bradley in North Carolina. “That always creates the opportunity for companies to take one position and a regulator to take another.”