Phoebe Normandia
Intern, Don't Sell My Data campaign
The California data privacy law gives you some control over how businesses collect and use your personal data. Here's how to take advantage.
Intern, Don't Sell My Data campaign
The California privacy law – called the California Consumer Privacy Act – passed in 2018. In 2020, it was amended by the California Privacy Rights Act, granting consumers some additional privacy protections. It’s in effect now.
The California Consumer Privacy Act is a consumer privacy law that gives you some basic rights regarding how businesses collect, use and sell your data.
The CCPA earns a B+ grade on our recent scorecard report – co-authored with the Electronic Privacy Information Center (EPIC) – for how well it actually protects consumers, making it currently the strongest law in the nation.
California also recently passed the DELETE Act, which will allow consumers to submit a single request to data brokers registered with the state to delete their information – a really great protection for consumers.
While California’s privacy laws are the strongest in the country, exercising those new privacy rights requires some work on your part. Let’s take a look.
The California privacy law gives you several rights regarding your personal information:
To access or correct your data, you need to submit requests one at a time to individual companies. That means fully exercising your rights can be a pain. There are likely hundreds of third parties holding your information right now.
However, California does give residents some useful tools, including the ability to automatically opt-out of data collection and sales by downloading a tool called a universal opt-out mechanism.
A universal opt-out mechanism is a piece of technology that helps you automatically opt-out of data collection online. Once you’ve downloaded the tool, the mechanism will broadcast to every site you visit that you don’t want your data collected or sold. That way you don’t have to individually contact every website you visit to opt out.
You will, however, need to do a bit of work to get the tool working.
The Global Privacy Control is currently the most widely recognized version of universal opt-out mechanism. There are a number of tools available that incorporate the Global Privacy Control (GPC).
Find your web browser below for our recommendations of tools that include GPC signals.
To automatically opt-out of data collection on websites while using your Chrome browser, you need to download a special browser extension. You have a couple of options.
To automatically opt-out of data collection on websites in Safari, you need to download a special browser extension. Apple currently doesn’t allow our favorite tool – Privacy Badger – in Safari, but there is another option you can use.
To automatically opt-out of data collection on websites in Edge you’ll need to download a special browser extension. You have a couple of options:
Firefox is the only major browser that has a GPC signal built into it automatically, so you don’t have to download any special tools. But you do have to go turn it on.
To exercise your other core rights – accessing, correcting or deleting the data a company has already collected on you – you must submit a request directly to each business. Companies must tell you how to send a request in their privacy policy.
When looking at a privacy policy, search for a section titled “Your Privacy Rights,” “Your Rights and Choices,” or something similar. Use ctrl+f for the term “privacy”, “rights”, or “opt” to find this information more quickly. In this section, the business should give you instructions for how to access, correct, or delete your personal data. It will typically be a web form or an email address you need to send a request to.
If you run into any problems during this process — like an invalid email address, or a web form where California isn’t available in a dropdown menu — make sure to log a complaint with the California Privacy Protection Agency.
There are lots of companies that likely have your data. The worst actors are shadowy companies called data brokers that specialize in collecting, buying, combining, and reselling data that it bundles into profiles about you. They get data from all kinds of places and sell it to practically whomever is looking to buy. They’re terrible for your personal security.
We recommend starting with some of the biggest data brokers below. You can submit an access request if you want to see what data they have on you, or jump straight to deleting your data and opting out of future data collection.
The California Consumer Privacy Act gives you some rights to ask companies to delete your data and the ability to use a browser tool to automatically opt-out of websites’ data collection. That’s good — and it is currently the best law in the country. It’d be even better, however, if less of the work of protecting your privacy was on you.
The best thing for consumers is to change how companies can collect and use data in the first place.
To maximally protect consumers, it should be on companies to only collect the data they need to deliver the service you’re expecting to get. There’s no good reason for your fast food loyalty app to be collecting your location 24/7 or your VR game app to be collecting your social security number. They plain don’t need it.
Companies should also be limited to only using the data they collect for what the consumer is expecting. There’s no good reason for your health app to turn around and sell your prescription information to advertisers or your child’s internet-enabled stuffed animals to be sending transcripts of your child’s conversations to third parties.
This matters for your personal security. The more data that companies collect, and the more companies they sell it to, the more likely it is that your personal information is going to be exposed in a breach or a hack and end up in the wrong hands. This makes it more likely you’ll be the victim of identity theft, financial fraud and hyper-targeted scams.
Every state that has passed a law has the opportunity to make it stronger. Instituting stronger upfront rules on how companies can collect and use data would improve the privacy and security of Californians.
We look forward to seeing how California continues to strengthen its protections in the future. And in the meantime, folks should take advantage of their new rights.
If you want to ensure that your data is as protected as possible, there are other steps you can take besides relying on your California data rights. We’ve got more simple ways you can boost your data security here.
See below for even more tips to put you more in control of your information online.
How to request and download your Facebook data
Intern, Don't Sell My Data campaign