“Do Not Sell My Personal Information” (I’m from California)

Two choices: add (and honor) this link on every page and every screen of every app and service, or find a new business model ASAFP!

shield-1301848 2.png

The California Consumer Privacy Act goes into effect on Jan 1, 2020. Some of you might know what it is, many of you won’t. Some of you may have actually been talked into voting for this. The folks pushing it might not have been clear on what was in it. You think GDPR was a challenge, welcome to the CCPA.

I’ve been tracking this thing for a while, and to be candid it kind of snuck up on me. My mistake was to read the text of the law when it was first issued, after about a six-day drafting process. I surmised that because the law so poorly constructed, it would not remain in place. Typos, self-contradictions, definitions that made no sense. It is bad law. I assumed it would get revised, or disappear.

I’ve been pinning my hopes on a solid federal privacy law that would preempt the crappy California one. The industry needs a single set of rules that a developer can follow, not 50 conflicting rules. Developers cannot map every user depending on where they live or where they happen to be standing.  I’ve lost confidence that Congress can accomplish anything before California’s law goes live. And once the CCPA takes effect, sharing user data in whatever form stops working.

If you know the Alliance, you know that we see tremendous societal benefits in shared data. Without data, advances such as AI or autonomous vehicles are impossible. Smart cities, health care, public safety ... in the recent past, almost every sector has made huge strides to the betterment of society because of the insights shared data has brought to light. And for those of you that provide a free service and use targeted advertising to pay the bills, too bad, so sad.

Suffice to say that the new rules envision a world where user data is no longer shared or monetized in any way. The law places many hurdles in a businesses path. The last one being a conspicuous button on every page and screen that welcomes users to opt out over and over. Be prepared: if they push the button you’ll still need to provide them the service exactly the same way you provide it to everyone else.

At 10,000 words, there’s a lot more detail - that matters - that you might want to learn about sooner rather than later. Who does the law cover? (California residents) What user data are we talking about? (any information that relates to a particular consumer OR household) Who has to comply? (you, if you serve 50k Californian users, households or devices annually - or have revenues over $25M) What is “selling”? (if you share user data and get anything useful in return, you’re selling)

So what to do? There are lots of people tracking the law and the pending amendments, and crafting plans to help big companies comply. Get on your search engine of choice and find them. One piece of advice they’re already giving: put in place a default non-data-monetization business scheme immediately, and offer users that share data a discount.

The alternative is that you’ll be giving your service away for free one day (don’t worry, you’ll make it up on volume).