What the California Consumer Privacy Act means for you

How to exercise your rights under the California Consumer Privacy Act

The California data privacy law gives you some control over how businesses collect and use your personal data. Here's how to take advantage.

Caring about data privacy helps your personal security.
Phoebe Normandia

Intern, Don't Sell My Data campaign

The California privacy law – called the California Consumer Privacy Act – passed in 2018. In 2020, it was amended by the California Privacy Rights Act, granting consumers some additional privacy protections. It’s in effect now.

What is the California Consumer Privacy Act?

The California Consumer Privacy Act is a consumer privacy law that gives you some basic rights regarding how businesses collect, use and sell your data.

The CCPA earns a B+ grade on our recent scorecard report – co-authored with the Electronic Privacy Information Center (EPIC) – for how well it actually protects consumers, making it currently the strongest law in the nation.

California also recently passed the DELETE Act, which will allow consumers to submit a single request to data brokers registered with the state to delete their information – a really great protection for consumers.

While California’s privacy laws are the strongest in the country, they still put work on your plate to fully protect your data. It’d be better if instead companies were clearly limited to what data they can collect on you and what they can do with it in the first place.

What does the California privacy law do for consumers?

The California privacy law gives you several rights regarding your personal information:

  • Right to Know: You can request a report of what personal information businesses have collected on you, where they got that data from, and what they use it for.
  • Right to Correct: You can request a business correct inaccuracies in the personal information it has collected about you.
  • Right to Delete: You can request a business delete the personal information it has collected about you.
  • Right to Opt Out: You can opt out of businesses selling your personal information to advertisers and other third parties.
  • Right to Limit how businesses use and disclose your sensitive personal information, such as your geolocation or genetic data.

Most of these rights are more difficult to exercise than they should be. You need to submit requests to access and correct your data one at a time to individual companies. Fully exercising the rights California’s privacy law gives you would be like taking on a part-time job. There are likely hundreds of third parties holding your information right now.

However, California does give residents some useful tools, including the ability to automatically opt-out of data collection and sales.

What is a universal opt-out mechanism and how do I get it?

A universal opt-out mechanism is a piece of technology that helps you automatically opt-out of data collection online. Once you’ve downloaded the tool, the mechanism will broadcast to every site you visit that you don’t want your data collected or sold. That way you don’t have to individually contact every website you visit to opt out.

You will, however, need to do a bit of work to get the tool working.

How to use the Global Privacy Control

The Global Privacy Control is currently the most widely recognized version of universal opt-out mechanism. There are a number of tools available that incorporate the Global Privacy Control (GPC).

Find your web browser below for our recommendations of tools that include GPC signals.

Global Privacy Control in Google Chrome

To automatically opt-out of data collection on websites while using your Chrome browser, you need to download a special browser extension. You have a couple of options.

  • Our favorite is Privacy Badger made by our friends at Electronic Frontier FoundationYou can download Privacy Badger from the Chrome Web Store here. Once you download it, Privacy Badger will do the rest, and you shouldn’t have to take any more steps. We like this one because it has other privacy tools that will further protect your data built in, and it won’t disrupt your browsing experience.
  • Another good option is DuckDuckGo Privacy Essentials. You can download DuckDuckGo Privacy Essentials from the Chrome Web Store hereIn addition to using the GPC, this extension will change your default browser to DuckDuckGo. DuckDuckGo collects a lot less data about you than Chrome, but some people may not want to make the switch.

Global Privacy Control in Apple Safari

To automatically opt-out of data collection on websites in Safari, you need to download a special browser extension. Apple currently doesn’t allow our favorite tool – Privacy Badger – in Safari, but there is another option you can use.

  • DuckDuckGo Privacy Essentials. You can download it from the Apple App Store hereIn addition to using the GPC, this extension will change your default browser to DuckDuckGo. DuckDuckGo collects a lot less data about you than Safari, but some people may not want to make the switch.

Global Privacy Control in Microsoft Edge

To automatically opt-out of data collection on websites in Edge you’ll need to download a special browser extension. You have a couple of options:

  • Our favorite is Privacy Badger made by our friends at Electronic Frontier FoundationYou can download Privacy Badger from the Microsoft store here. Once you download it, Privacy Badger should do the rest, and you shouldn’t have to take any more steps. We like this one because it has other privacy tools that will further protect your data built in.
  • Another good option is DuckDuckGo Privacy Essentials. You can download DuckDuckGo Privacy Essentials from the Microsoft store hereDuckDuckGo collects a lot less data about you than Edge, but some people may not want to make the switch.

Global Privacy Control in Mozilla Firefox

Firefox is the only major browser that has a GPC signal built into it automatically, so you don’t have to download any special tools. But you do have to go turn it on.

How to enable GPC on Firefox
  1. Make sure you have a recent version of Firefox. Firefox started carrying the GPC in November 2023. If you haven’t updated your browser since then, do that first.
  2. In FireFox, click the menu button that’s 3 horizontal lines stacked on top of each other
  3. Go to Privacy & Security
  4. Scroll down to “Website Privacy Preferences”
  5. Click “Tell websites not to sell or share my data”
  6. Then close out of your Settings page. The change is saved automatically

How do I exercise my California privacy law rights?

To exercise your other core rights – accessing, correcting or deleting the data a company has already collected on you – you must submit a request directly to each business. Companies must tell you how to send a request in their privacy policy.

Read: How to read a privacy policy

Where can I find instructions for exercising my rights in a privacy policy?

When looking at a privacy policy, search for a section titled “Your Privacy Rights,” “Your Rights and Choices,” or something similar. Use ctrl+f for the term “privacy”, “rights”, or “opt” to find this information more quickly. In this section, the business should give you instructions for how to access, correct, or delete your personal data. It will typically be a web form or an email address you need to send a request to.

How could the California Consumer Privacy Act be better?

The California Consumer Privacy Act gives you some rights to ask companies to delete your data and the ability to use a browser tool to automatically opt-out of websites’ data collection. It sounds nice – and it is currently the best law in the country – but really it puts the onus on you to become a data privacy expert in order to protect yourself. Even if you exercised all your rights perfectly, it still wouldn’t be enough to keep your information totally secure.

The best thing for consumers is to change how companies can collect and use data in the first place. It should be on companies to limit their data collection to only the data they need to deliver the service you’re expecting to get up front. There’s no good reason for your fast food loyalty app to be collecting your location 24/7 or your VR game app to be collecting your social security number.

Companies should also be limited to only using the data they collect for what the consumer is expecting. There’s no good reason for your health app to turn around and sell your prescription information to advertisers or your child’s internet-enabled stuffed animal to be sending transcripts of your child’s conversations to third parties.

This is a big deal. The more data that companies collect, and the more companies they sell it to, the more likely it is that your personal information is going to be exposed in a breach or a hack and end up in the wrong hands. This makes it more likely you’ll be the victim of identity theft, financial fraud and hyper-targeted scams.

It’s absurd we haven’t stopped companies treating our data like a commodity. States can lead the way in amending the laws they’ve already passed to do more to protect consumers.

What else can I do to protect my data?

If you want to ensure that your data is as protected as possible, there are other steps you can take besides relying on your Connecticut data rights. We’ve got more simple ways you can boost your data security here.

See below for even more tips to put you more in control of your information online.

Topics
Authors

Phoebe Normandia

Intern, Don't Sell My Data campaign

Find Out More
staff | TPIN

This Earth Day, put our planet over plastic

We are working to move our country beyond plastic — and we need your help. Donate before midnight tonight and your gift will be matched, up to $10,000 nationwide.

Donate