In part 1 of today’s post, we addressed two out of the five core consumer rights under the CCPA California. Let’s dive right into the rest.
Right to Opt-Out or Opt-In
This mostly applies when the sale of data is involved. The CCPA provides for the right of consumers to opt-out from, which literally means stop, the sale of their data collected by businesses to a third party. Minors must opt-in (through their guardian) before their data is even collected, not to mention sale of their data. Where a consumer opts out, at least twelve months must elapse before businesses can ask consumers to opt back in. Businesses must be careful to ensure their dealings with third parties involving consumer’s data is not under the broad definition of sale under the CCPA.
Right to Request Deletion
Akin to the right to be forgotten or the right of erasure under GDPR. The CCPA California allows consumers to request deletion where the data was obtained directly from them.
This right, however, has several exceptions. Thus businesses need not delete the personal data where it is needed for detecting security incidents, answering to legal claims, exercising freedom of speech and the broad one of internal use which aligns with consumer’s expectations.
Right to Equal Services and Prices
This is to protect consumers who exercise any of the above rights against a business. Thus, businesses are not allowed to discriminate against such consumers by denying them goods and services, charging different rates, providing a different level of quality or even suggesting they will do any of these.
In practice, complying with all the above could prove difficult, especially where third parties are involved. There is also the issue of who calls the shot on compliance? The lawyer or the business? We suggest a hybrid approach. Send us a message or give us a call today, let’s be your partner in compliance.