Guest post by Marinela Gogo
The more cases of companies ‘playing around’ with people’s data make their way to the news headlines, the more people become conscious about data privacy concerns. Even governments start to take this issue seriously, after all, we are humans before being users and data privacy is a fundamental human right. The California Consumer Privacy Act (CCPA) was enacted in June, hot on the heels of the EU’s General Data Protection Regulation that went into effect in May. Nextcloud has signed a public letter on initiative of the team behind the privacy-protecting search engine DuckDuckGo in support of the P4A amendment to the CCPA.
What is CCPA
CCPA is a law that goes into effect on January 2020 and gives Californian consumers more control over the information businesses collect on them. More concretely, the intentions of the act are to grant Californians with:
The right to know what personal information a company has collected about them, the right to know the categories of sources and categories of recipients.
The right to delete only personal information that a company has collected from them, but not all personal information it possesses.
The right to opt-out of sale of personal information for adults, while for consumers under 16 years old opt-in consent is required first.
The right to receive equal service and pricing even if they exercise their privacy rights.
The story behind CCPA
Before the CCPA was introduced, a more strict privacy-focused ballot initiative had reached enormous support from the public. While a group called the Committee to Protect California Jobs was arguing that the law would hurt businesses and their ability to hire, 600,000 signatures proved that people cared deeply about their privacy online. Legislators and tech companies wanted to pass a more flexible option as ballot initiatives in California can only be amended by another voter referendum, so Alastair Mactaggart, the person behind the ballot initiative, agreed to withdraw it only if a similar privacy-focused bill passed. CCPA was drafted in a rush to meet the deadline for defeating the ballot initiative. As a result it ended up less than perfect, even though well intentioned.
Who does the CCPA apply to
The Californian Consumer Privacy Act applies to any for profit business that has $25M+ annual gross revenues, annually obtains the personal information of 50,000+ Californians or earns more than half of its annual revenue from selling consumers’ personal information.
CCPA goes into effect in 2020 and while there’s a lot to improve to strengthen it, some companies desperately try lobbying the legislature to weaken the law.
At this time, Nextcloud joins forces with other companies that care about privacy and might be impacted by the CCPA, to co-sign a support letter for the Privacy for All Act (P4A). The key committee in the California legislature will be voting on many amendments, including the P4A on 23 April, that will fill important CCPA gaps.
P4A and CCPA
The P4A amends the CCPA in the following ways:
While CCPA grants consumers the right to know what personal information is collected about them and where it was shared by category, the P4A grants the right to know exactly which companies/third parties their data is shared with.
CCPA gives Californians the right to opt-out of their data sale. P4A expands that right to prohibition of selling, sharing, loaning out or giving developer access to personal information without explicit opt-in consent.
The also P4A enforces the Californian consumers right to receive equal service and pricing when they exercise their privacy rights.
The CCPA does not provide users the power to bring violators to court, with the exception of a narrow set of businesses if there are data breaches. On the other hand P4A ensures consumers have the right to go to court if companies violate the law.
As a privacy respecting business, Nextcloud has been fighting to spread awareness about data privacy, data control and criticize non ethical tech. The P4A amendment adds crucial protections to the CCPA and thus deserves Nextcloud’s support!
One way or another users have been tracked, targeted, spied and sold, without knowing, without being able to act, in order to make unethical companies rich. First, it was the lack of knowledge. Second, it was the lack of rules. Now – users know how tech giants make profit offering free services. Everyone understands that privacy protection in the modern age is crucial. Who wants to stay unarmed in front of all those privacy violators?
The personal information harvesting mechanism and data breaches have become familiar terms to the mass. The European Union and California took a step forward with the GDPR and CCPA, respectively. Now, by signing this letter, Nextcloud publicly encourages more governments to grant their citizens control over their data and fundamental privacy rights. A great move!
The public letter from DuckDuckGo and signed by Nextcloud is reproduced below. Thanks to DuckDuckGo for their initiative! See also their blog.
April 16, 2019
The Honorable Edwin Chau
Capitol Office, Room 5016
P.O. Box 942849
Sacramento, CA 94249-0049 submitted via https://privacycp.assembly.ca.gov/
Re: A.B. 1760 – SUPPORT FOR PRIVACY FOR ALL
Dear Assemblymember Chau,
We are pleased to support A.B. 1760, sponsored by Assemblymember Buffy Wicks, as a vital addition to privacy protections in the state of California. We thank you for your commitment to the essential area of privacy, and your crucial role in the passage of the California Consumer Privacy Act (CCPA) last year.
We are a broad coalition of for-profit companies that share that privacy commitment and support the CCPA. All of us have California customers and we are currently subject to CCPA’s requirements or may be subject to them in the foreseeable future. As companies that put user privacy at the core of our products and services, we also support legislation that builds on CCPA’s foundation. Our relationship with our users is built on trust—trust that the data they provide to us and other companies will be used only in the ways they understand and expect. A.B. 1760 holds all covered companies to that standard and makes sure that Californians’ information is protected by default. It will give all Californians the knowledge and power to truly control their personal information, as well as the ability to practically exercise and legally enforce their privacy rights, all without being punished with higher prices or degraded service.
We appreciate and support your committee’s important efforts to provide all Californians with the privacy rights they want and deserve. Thank you again for your leadership on this important issue.
Duck Duck Go, Inc.
Gabriel Weinberg, Founder and CEO
Brave Software Inc.
Dr. Johnny Ryan, Chief Policy & Industry Relations Officer
Proton Technologies AG
Dr. Andy Yen, CEO
Casey Oppenheim, CEO
Vivaldi Technologies LLC
Chief Operating Officer
Istvan Lam, Co-Founder & CEO
Richard Delgado, COO
Fastmail Pty Ltd
Bron Gondwana, CEO
Fastmail US LLC
Helen Horstmann-Allen, COO
Christian Kroll, CEO & Founder
Mycroft AI Inc.
Eric Jurgeson, Vice-President
Todd Weaver, CEO
Discourse, aka Civilized Discourse Construction Kit, Inc.
Jeff Atwood, CEO
Mailr Tech LLP, aka Canary Mail
Sohel Sanghani, CEO
Conva Ventures Inc., aka Fathom Analytics
Jack Ellis & Paul Jarvis, Directors
cc: Honorable Members of the Privacy Committee:
Ed Chau: email@example.com
Kevin Kiley: firstname.lastname@example.org
Rebecca Bauer Kahan: email@example.com
Marc Berman: firstname.lastname@example.org
Ian Calderon: email@example.com
Jesse Gabriel: firstname.lastname@example.org
James Gallagher: email@example.com
Jaqui Irwin: firstname.lastname@example.org
Jay Obernolte: email@example.com
Christy Smith: firstname.lastname@example.org
Buffy Wicks: email@example.com
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]