Dream of Californication: welcome to the Californian Consumer Privacy Act

Dream of Californication: welcome to the Californian Consumer Privacy Act external link

Williams, J. & Irion, K.

Internet Policy Review, vol. 2018, 2018

Abstract

The California Consumer Privacy Act (CCPA), slated to enter into force on 1 January 2020, borrows some cutting edge ideas from the EU and others’ privacy regimes while also experimenting with new approaches to data privacy. Importantly, the CCPA envisages an online advertisement market in which business are prevented from “getting high on information,” 1 breaches are promptly notified, and consumers are autonomous participants with the ability to sell their data at will. Where the CCPA breaks new ground is in protecting consumers from retaliation for opting out of the sale of their data. Thus, if it lives up to its potential, the CCPA could catalyse a permanent restructuring of the online data mining business. Our contribution will shed light on the new CCPA and offer some observations in comparing it with EU’s General Data Protection Regulation (GDPR).

Bibtex

Article{Williams2018,
	title = {Dream of Californication: welcome to the Californian Consumer Privacy Act},
	author = {Williams, J. and Irion, K.},
	url = {https://policyreview.info/articles/news/dream-californication-welcome-californian-consumer-privacy-act/1351},
	year = {2018},
	date = {2018-10-16},
	journal = {Internet Policy Review},
	volume = {2018},
	abstract = {The California Consumer Privacy Act (CCPA), slated to enter into force on 1 January 2020, borrows some cutting edge ideas from the EU and others’ privacy regimes while also experimenting with new approaches to data privacy. Importantly, the CCPA envisages an online advertisement market in which business are prevented from “getting high on information,” 1 breaches are promptly notified, and consumers are autonomous participants with the ability to sell their data at will. Where the CCPA breaks new ground is in protecting consumers from retaliation for opting out of the sale of their data. Thus, if it lives up to its potential, the CCPA could catalyse a permanent restructuring of the online data mining business. Our contribution will shed light on the new CCPA and offer some observations in comparing it with EU’s General Data Protection Regulation (GDPR).},
	keywords = {California, Consumer Privacy, frontpage, General Data Protection Regulation, Internet},
}

The European Union General Data Protection Regulation: What It Is And What It Means external link

Hoofnagle, C.J., van der Sloot, B. & Zuiderveen Borgesius, F.

Information & Communications Technology Law, vol. 2019, 2019

Abstract

This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Bibtex

Article{Hoofnagle2018,
	title = {The European Union General Data Protection Regulation: What It Is And What It Means},
	author = {Hoofnagle, C.J. and van der Sloot, B. and Zuiderveen Borgesius, F.},
	url = {https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501},
	year = {0212},
	date = {2019-02-12},
	journal = {Information & Communications Technology Law},
	volume = {2019},
	abstract = {This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.},
	keywords = {Consumer Privacy, Data protection, European Union, frontpage, General Data Protection Regulation, Privacy},
}

Keyword: Consumer Privacy