Is California’s landmark 2018 privacy law working? It’s hard to tell, in part because the messy data it has produced.
The law makes businesses disclose what personal data they have on any citizen who wants to know. The firms must also delete such data upon request.
Now firms are releasing data on the number of requests they’ve received, but its making the picture murkier, no clearer.
One year in, it’s almost impossible to tell how many Californians are taking advantage of their new rights, or precisely how the biggest players are complying.
The largest companies targeted by the landmark 2018 California Consumer Privacy Act are required to disclose detailed figures on data-privacy requests they have received from the state’s residents since last year. But the firms have published widely disparate figures that make it impossible to evaluate the law’s effectiveness.
The idea was that these stats would show Californians what they were getting out of the law and help enforcers track whether companies are following the rules. What they’ve created is a lot of confusion.
“I think it’s a bit of a mess so far, is what I’m observing,” said Jennifer King, the privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence. “Certainly if there’s no way to truly understand what these numbers are measuring, then it’s really difficult, just from a research perspective. How do we assess whether this law is working?”
California in 2018 enacted the nation’s first comprehensive privacy rights law, which empowers residents to find out what personal information companies have gathered about them and ask the businesses to delete those details or not sell them. But one year after CCPA took full effect, it’s hard to tell how much it has really changed, for businesses or for Californians.