Understanding Data Laws GDPR & CCPA
We're joined by Evan Goldstein, eBay’s associate general counsel, to talk about what impact these laws have had on digital publishers & developers, and specifically how CCPA may impact businesses going forward.
With GDPR (General Data Privacy Regulations) coming up on its second anniversary and the CCPA (California Consumer Privacy Act) going into effect January 1st. We're joined by Evan Goldstein, eBay’s associate general counsel, to talk about what impact these laws have had on digital publishers & developers, and specifically how CCPA may impact businesses going forward. We conclude with compliance principles, and how ePrivacy will be a factor in the future.
The California law, commonly referred to as CCPA, goes into effect in the new year (January 2020). The European Union previously implemented GDPR a law for its citizens in May 2018 called the General Data Privacy Regulations. Both of these laws cover consumer rights to ask what information a service has stored on them and/or have said service delete all that information. There are requirements for disclosure, controls on access and in particular with CCPA, a host of potential onerous penalties for violators.
We discussed the post-mortem on the rollout & application of GDPR and how ePrivacy, a European Union directive, is important pending legislation which many believe will become a legislative override to GDPR when rolled out in 2020.
The question about whether a US federal law, providing common data law across all US states, is coming was contemplated? The consensus is yes, however not until the US Congress convenes after the 2020 presidential results. In short don't hold your breathe for the next 18 months.
California CCPA Origin Story
Evan tells a humorous story about Alastair Mactaggart, a wealthy California who bankrolled & championed regulation of data rights for the online industry, leading to CCPA (10:50). We finish the discussion with how digital publishers & developers can align around some principles to be compliant in the evolving data legality landscape.
Principles for Compliance (23:30)
- Explicit User Consent
- Consumer Access Request Process
- If you’re large, you need a Data Privacy Leader (Chief Data Privacy Officer)