As of the 1st January 2020, the California consumer privacy act (CCPA) will introduce new rights for every citizen living in the state of California.
These changes will affect the way companies look at privacy. The legislation is currently only applicable to consumers in the state of California. However, as we will discuss, the act will likely have an impact across the US.
Along with the GDPR, which offers consumers similar data and privacy rights in the EU, the CCPA is something that all businesses need to consider. This starts with a brand’s databases, CMP, and website, but it also includes any mobile app.
Apps will be subject to the same scrutiny, and under the regulation, developers will need to find a solution to comply with the legislation fully.
What is the CCPA
First, let’s look at the technical side of the new legislation.
The act allows any consumer-based in California access to all information or data that a company has related to them.
The act also states that this information should include a full list of the third-parties that the data is shared with.
It also allows consumers to request that companies delete this data or stop them from sharing it with one or all of the relevant third-parties.
As well as this, the CCPA also means that companies will have to do more to explain to consumers what types of data they are collecting, why they are doing it, and how consumers can opt-out.
What does CCPA cover?
The act seems to take a broader approach than GDPR in terms of what constitutes personal information:
- Any personal identifier such as name, alias, address, unique or online personal identifier, IP address, email, account name, social security number, passport, or driving license number.
- Commercial data that includes records of property, product or services, or other historical purchase data.
- Geolocation data
- Biometric data
- Professional information or employee data, such as employee time tracking or employee engagement.
- Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
What happens if my mobile app is not compliant?
According to the CCPA, companies will have 30 days to comply with the when regulators notify them of a violation. After this, is there is no resolution, the regulator will issue a fine of up to $7,500 for each record.
Despite this initial fine, companies are under threat from another area that is covered in the act. The bill allows an individual to sue a company. This occurs if a consumer gives written notice to a company that they have had their privacy rights violated. If the company cannot find a resolution, then the consumer can bring a class-action suit against the company.
How to become compliant
For mobile apps, it can be more challenging to become compliant with privacy laws. Many tools for manage consumer privacy preferences are web first, and there aren’t a lot of tools that exist for developers to manage consent and comply with the regulation.
Under CCPA, apps will need to understand the data that they have on all of their users. This needs to be attached to a single consumer to provide information about the data that the company has on an individual. This means a centralized location is needed that can access this information.
As well as this, how the data is used will need to be communicated to the user, including third-party uses.
Lastly, consumers need to be able to access this, manage their choices, and request that this information be deleted.
So, developers need an interface that clearly explains which data is being collected and why. It will also need to allow users to opt-out and define which third-parties can access this data.
Sound complicated? Well, luckily, there is a solution.
Tamoco’s mobile-first CMP
A CMP is a powerful tool that should be implemented anywhere where consumer data is being processed or stored. For these reasons, it makes sense to have a CMP that can cope with large amounts of consumer preferences and can manage these in several different locations and platforms.
The Tamoco CMP collects user preferences in applications. It allows consumers to collect and manage use preference for data collection and data use.
Our CMP is the world’s first mobile CMP that allows developers to comply with data privacy legislation such as the GDPR and the CCPA.
With a straightforward integration app developers can take control of their app and deliver privacy management at scale for all of their users.
What is the CCPA?
The act allows any consumer-based in California access to all information or data that a company has related to them. The act also states that this information should include a full list of the third-parties that the data is shared with. It also allows consumers to request that companies delete this data or stop them from sharing it with one or all of the relevant third-parties. As well as this, the CCPA also means that companies will have to do more to explain to consumers what types of data they are collecting, why they are doing it, and how consumers can opt-out.