Guest post by Marinela Gogo
The more cases of companies ‘playing around’ with people’s data make their way to the news headlines, the more people become conscious about data privacy concerns. Even governments start to take this issue seriously, after all, we are humans before being users and data privacy is a fundamental human right. The California Consumer Privacy Act (CCPA) was enacted in June, hot on the heels of the EU’s General Data Protection Regulation that went into effect in May. Nextcloud has signed a public letter on initiative of the team behind the privacy-protecting search engine DuckDuckGo in support of the P4A amendment to the CCPA.
What is CCPA
CCPA is a law that goes into effect on January 2020 and gives Californian consumers more control over the information businesses collect on them. More concretely, the intentions of the act are to grant Californians with:
- The right to know what personal information a company has collected about them, the right to know the categories of sources and categories of recipients.
- The right to delete only personal information that a company has collected from them, but not all personal information it possesses.
- The right to opt-out of sale of personal information for adults, while for consumers under 16 years old opt-in consent is required first.
- The right to receive equal service and pricing even if they exercise their privacy rights.
The story behind CCPA
Before the CCPA was introduced, a more strict privacy-focused ballot initiative had reached enormous support from the public. While a group called the Committee to Protect California Jobs was arguing that the law would hurt businesses and their ability to hire, 600,000 signatures proved that people cared deeply about their privacy online. Legislators and tech companies wanted to pass a more flexible option as ballot initiatives in California can only be amended by another voter referendum, so Alastair Mactaggart, the person behind the ballot initiative, agreed to withdraw it only if a similar privacy-focused bill passed. CCPA was drafted in a rush to meet the deadline for defeating the ballot initiative. As a result it ended up less than perfect, even though well intentioned.
Who does the CCPA apply to
The Californian Consumer Privacy Act applies to any for profit business that has $25M+ annual gross revenues, annually obtains the personal information of 50,000+ Californians or earns more than half of its annual revenue from selling consumers’ personal information.
CCPA goes into effect in 2020 and while there’s a lot to improve to strengthen it, some companies desperately try lobbying the legislature to weaken the law.
At this time, Nextcloud joins forces with other companies that care about privacy and might be impacted by the CCPA, to co-sign a support letter for the Privacy for All Act (P4A). The key committee in the California legislature will be voting on many amendments, including the P4A on 23 April, that will fill important CCPA gaps.
P4A and CCPA
The P4A amends the CCPA in the following ways:
- While CCPA grants consumers the right to know what personal information is collected about them and where it was shared by category, the P4A grants the right to know exactly which companies/third parties their data is shared with.
- CCPA gives Californians the right to opt-out of their data sale. P4A expands that right to prohibition of selling, sharing, loaning out or giving developer access to personal information without explicit opt-in consent.
- The also P4A enforces the Californian consumers right to receive equal service and pricing when they exercise their privacy rights.
- The CCPA does not provide users the power to bring violators to court, with the exception of a narrow set of businesses if there are data breaches. On the other hand P4A ensures consumers have the right to go to court if companies violate the law.
As a privacy respecting business, Nextcloud has been fighting to spread awareness about data privacy, data control and criticize non ethical tech. The P4A amendment adds crucial protections to the CCPA and thus deserves Nextcloud’s support!
One way or another users have been tracked, targeted, spied and sold, without knowing, without being able to act, in order to make unethical companies rich. First, it was the lack of knowledge. Second, it was the lack of rules. Now – users know how tech giants make profit offering free services. Everyone understands that privacy protection in the modern age is crucial. Who wants to stay unarmed in front of all those privacy violators?
The personal information harvesting mechanism and data breaches have become familiar terms to the mass. The European Union and California took a step forward with the GDPR and CCPA, respectively. Now, by signing this letter, Nextcloud publicly encourages more governments to grant their citizens control over their data and fundamental privacy rights. A great move!
The public letter from DuckDuckGo and signed by Nextcloud is reproduced below. Thanks to DuckDuckGo for their initiative! See also their blog.
April 16, 2019
The Honorable Edwin Chau
Capitol Office, Room 5016
P.O. Box 942849
Sacramento, CA 94249-0049
submitted via https://privacycp.assembly.ca.gov/
Re: A.B. 1760 – SUPPORT FOR PRIVACY FOR ALL
Dear Assemblymember Chau,
We are pleased to support A.B. 1760, sponsored by Assemblymember Buffy Wicks, as a vital addition to privacy protections in the state of California. We thank you for your commitment to the essential area of privacy, and your crucial role in the passage of the California Consumer Privacy Act (CCPA) last year.
We are a broad coalition of for-profit companies that share that privacy commitment and support the CCPA. All of us have California customers and we are currently subject to CCPA’s requirements or may be subject to them in the foreseeable future. As companies that put user privacy at the core of our products and services, we also support legislation that builds on CCPA’s foundation. Our relationship with our users is built on trust—trust that the data they provide to us and other companies will be used only in the ways they understand and expect. A.B. 1760 holds all covered companies to that standard and makes sure that Californians’ information is protected by default. It will give all Californians the knowledge and power to truly control their personal information, as well as the ability to practically exercise and legally enforce their privacy rights, all without being punished with higher prices or degraded service.
We appreciate and support your committee’s important efforts to provide all Californians with the privacy rights they want and deserve. Thank you again for your leadership on this important issue.
Duck Duck Go, Inc.
Gabriel Weinberg, Founder and CEO
Brave Software Inc.
Dr. Johnny Ryan, Chief Policy & Industry Relations Officer
Proton Technologies AG
Dr. Andy Yen, CEO
Casey Oppenheim, CEO
Vivaldi Technologies LLC
Chief Operating Officer
Istvan Lam, Co-Founder & CEO
Richard Delgado, COO
Fastmail Pty Ltd
Bron Gondwana, CEO
Fastmail US LLC
Helen Horstmann-Allen, COO
Christian Kroll, CEO & Founder
Mycroft AI Inc.
Eric Jurgeson, Vice-President
Todd Weaver, CEO
Discourse, aka Civilized Discourse Construction Kit, Inc.
Jeff Atwood, CEO
Shiny Frog Limited, aka Bear
Matteo Rattotti, Founder
Sgrouples, Inc. dba “MeWe”
Mark Weinstein, Founder & CEO
Frank Karlitschek, CEO
Thomas Fauré, CEO
Andrea Little Limbago, PhD
Chief Social Scientist
Tutao GmbH, aka Tutanota
Matthias Pfau, Co-Founder
Dr. Rand Hindi, PhD
Co-Founder & CEO
Bit Chute Limited
Ray Vahey, Founder & CEO
Mailr Tech LLP, aka Canary Mail
Sohel Sanghani, CEO
Conva Ventures Inc., aka Fathom Analytics
Jack Ellis & Paul Jarvis, Directors
cc: Honorable Members of the Privacy Committee:
Ed Chau: email@example.com
Kevin Kiley: firstname.lastname@example.org
Rebecca Bauer Kahan: email@example.com
Marc Berman: firstname.lastname@example.org
Ian Calderon: email@example.com
Jesse Gabriel: firstname.lastname@example.org
James Gallagher: email@example.com
Jaqui Irwin: firstname.lastname@example.org
Jay Obernolte: email@example.com
Christy Smith: firstname.lastname@example.org
Buffy Wicks: email@example.com