It seems unnatural to applaud bureaucrats anywhere, but the bureaucrats of the European Union are doing more to protect the privacy of their citizens than the august Congress of the United States. Europe now has the General Data Protection Regulations (GDPR). Fortunately, the state of California has rushed in to fill the American vacuum left by Congress. They have now passed California Consumer Privacy Act (CCPA). Because they are such a huge state, most companies will not be able to afford two separate IT systems and will have to conform to CCPA, especially since the California fines are up to $7,500 per violation.
Copying from Lexology,
“The CCPA gives Californians the right to know:
(i) what personal information is being collected, sold and/or disclosed, and the right to know the sources of such information;
(ii) what categories of personal information have been collected about him/her in last 12 months, and the sources of such information;
(iii) the business purposes (and related categories) for collecting and/or selling their personal information; and
(iv) what third-party businesses (by industry or category) their personal information is shared with.”
Californians also will have the “right to be forgotten,” which requires all personal information on an individual to be destroyed upon request, as well as the right to opt-out. All websites must have a button, forbidding the sale of personal information collected from the website.
Thank you, California! Now, somebody please tell me what good is Congress anyway?