MARY REICHARD, HOST: Coming up next on The World and Everything in It: online privacy.
That’s been an oxymoron for decades now. Your data—everything from your shopping habits to your name and location—is a commodity. Your information is used in ways you never agreed to or even know about. And trying to stop it? Not possible.
MEGAN BASHAM, HOST: But that may change. A new law went into effect last week in California. It regulates how technology companies collect, store, and share your personal data. Lots of technology firms are headquartered in California, so the new regulations will affect nearly everyone.
REICHARD: Joining us now to talk about the California Consumer Privacy Act is Jason Thacker. He’s an associate research fellow at the Ethics and Religious Liberty Commission of the Southern Baptist Convention.
Good morning, Jason!
JASON THACKER, GUEST: Good morning! Thank you for having me, Mary.
REICHARD: Let’s start with what the California law actually says. What new requirements did it put in place for tech companies?
THACKER: Yeah, the California Consumer Privacy Act, as you said, went into effect on January 1st. It has six major components. One is to know what data has been collected on you. To know if this data has been sold and to whom. That you can say no to the sale of data, which is a big point. You can access this data, you can request it to be deleted, and you cannot be discriminated against for using these rights.
REICHARD: How does that compare to privacy requirements in other states and countries?
THACKER: Yeah, in the United States, we don’t have a federal privacy law and so as you said earlier, this is going to become in many ways the de facto law of the land with many states following on the heels of the California law. In terms of other countries, there haven’t been kind of comprehensive privacy legislation outside of the GDPR, which is the European regulation about a data protection board put together. And that law is much more expansive. So this is a very weakened version of what a lot of privacy advocates—within California but even in the nation—wanted. But it does kind of set the tone for what might be coming here in America.
REICHARD: Does it seem likely California’s law will prompt federal lawmakers to enact legislation to cover the whole country?
THACKER: That’s really the big question right now. There is a lot of chatter in Washington about a federal privacy law, but in the divisive time that we live in with a lot of the major kind of international happenings but also domestic happenings right now, I don’t have a ton of hope that there’s going to be a federal privacy law anytime soon. But there is a lot of conversation around that and the hope is that some of these kind of more stringent parts of this CCPA will actually be rolled back. Because if a federal privacy law is enacted, it would trump the state laws.
REICHARD: Are there any drawbacks to these particular privacy regs?
THACKER: Yes and no. I mean, on the outset if you read the regulation, it doesn’t seem to be overly burdensome. It is extremely complicated to put together. I mean, companies are spending millions and millions of dollars to implement—they’re kind of having to retrofit their data collection systems and storage in order to give people access to this. And so on the lay level, you’ll see new privacy policies. You’re getting a lot of emails now probably from various companies saying we’ve updated our privacy policies or this is if you’re a California resident, this is how you can access your data. So, to retrofit their systems, there’s a really high cost, which a lot of folks who are not supportive of these types of laws see this as overly burdensome on markets and on businesses because of the such a high cost to implement these tools. So mainly it’s going to hit your larger companies like Microsoft, Facebook, LinkedIn, Twitter. Kind of your larger technology companies where the majority of the users are.
REICHARD: Are privacy advocates satisfied with these regulations or are there other areas they would like to see covered by future laws?
THACKER: Yeah and that’s where kind of the verdict’s still out. A lot of privacy advocates don’t see this as far-reaching enough. There are some that want to monetize your data. So, if a company has your data and uses it to make money that you should be able to profit from that as well—the sale of your data—as a property right. There are some that want the right to be forgotten. A lot of those type of larger pieces of legislation that we see in the GDPR. I think that this is definitely a start for a federal privacy law and even state laws, but it’s definitely not making everyone exactly happy.
REICHARD: Jason Thacker is an associate research fellow at the Ethics and Religious Liberty Commission. Thanks so much for joining us today!
THACKER: Yeah, thank you for having me, Mary.