CNN
Now playing
03:50
Microsoft President: There is a privacy crisis
Washington Metropolitan Police Department officer Michael Fanone watches as a video being displayed during the House select committee hearing on the Jan. 6 attack on Capitol Hill in Washington, Tuesday, July 27, 2021.
Jim Lo Scalzo/AP
Washington Metropolitan Police Department officer Michael Fanone watches as a video being displayed during the House select committee hearing on the Jan. 6 attack on Capitol Hill in Washington, Tuesday, July 27, 2021.
Now playing
02:35
See how right-wing networks covered January 6th hearing
Now playing
07:17
Don Lemon defends Tucker Carlson after confrontation with stranger
Now playing
04:30
Fox News viewers are less likely to get vaccinated, poll shows
Fox News
Now playing
02:31
Tucker Carlson insults Capitol police officer
Fox News
Now playing
02:21
Sean Hannity makes an unexpected statement live on Fox News
NEW YORK, NY - NOVEMBER 29:  Tucker Carlson, host of "Tucker Carlson Tonight" speaks onstage with Nicholas Carlson at IGNITION: Future of Media at Time Warner Center on November 29, 2017 in New York City.  (Photo by Roy Rochlin/Getty Images)
Roy Rochlin/Getty Images
NEW YORK, NY - NOVEMBER 29: Tucker Carlson, host of "Tucker Carlson Tonight" speaks onstage with Nicholas Carlson at IGNITION: Future of Media at Time Warner Center on November 29, 2017 in New York City. (Photo by Roy Rochlin/Getty Images)
Now playing
01:36
Ex-Fox reporter explains why Tucker Carlson is lying about vaccines
LOS ANGELES, CA - OCTOBER 21:  Tucker Carlson speaks onstage during Politicon 2018 at Los Angeles Convention Center on October 21, 2018 in Los Angeles, California.  (Photo by Rich Polk/Getty Images for Politicon )
Rich Polk/Getty Images
LOS ANGELES, CA - OCTOBER 21: Tucker Carlson speaks onstage during Politicon 2018 at Los Angeles Convention Center on October 21, 2018 in Los Angeles, California. (Photo by Rich Polk/Getty Images for Politicon )
Now playing
02:55
Tucker Carlson went on the record with reporter. Here's what she learned
CNN
Now playing
02:05
Bash asks Surgeon General if Fox News disinformation is killing people
CNN
Now playing
03:13
Stelter: The problem is so much bigger than misinformation
Now playing
02:30
'Premised on a lie': Tapper calls out Fox reporter's question
Phillip Faraone/Getty Images
Now playing
01:42
Megyn Kelly says media exaggerated the Capitol riot
Now playing
02:04
Police interrupt live interview to take Cuban YouTuber Dina Stars
Fox News
Now playing
02:25
Guest challenges Fox News host to tell viewers Trump lost
fox news split
fox news
fox news split
Now playing
07:00
CNN rolls the tape on Fox News hosts' anti-vaccine rhetoric
CNN
Now playing
02:54
Hear what CPAC attendees told CNN reporter about Trump
New York CNN Business —  

Does this look familiar? “We’ve updated our privacy notice to provide additional transparency on our information practices as well as to comply with the CCPA.”

This holiday season, inboxes have been filled not only with promotional emails but also dozens of privacy notes.

California’s new privacy law – the California Consumer Privacy Act (CCPA) – goes into effect January 1, 2020. That’s why Postmates, Condé Nast, Hulu, and many more businesses have emailed customers over the past few weeks with new terms of service.

What is CCPA?

CCPA regulates how companies collect and store data. The law applies to for-profit companies that generate more than $25 million in annual gross revenue, have more than 50,000 people’s personal data or generate more than 50% of their annual revenue from selling customers’ personal data.

California residents can now demand those companies disclose what data they have collected on them, and the law requires companies delete that data when users ask them to.

Companies must disclose how their customers can contact them to request their data be forgotten. Square, for example, lists an email specifically for privacy issues.

Why now?

Big scandals, including Facebook’s Cambridge Analytica crisis and Equifax’s data breach, have angered legislators. Many lawmakers are looking to rein in some companies’ seemingly unfettered access to people’s data, giving users more power over their personal information.

Facebook, Google, Amazon and other tech platforms are affected by the law. That’s a big deal, because they generate the vast majority of their revenue from targeted advertising. The law does not prevent them from collecting data, but it requires them to be more explicit about what data they’re collecting.

Does it only affect California residents?

Non-California residents cannot request their data be deleted. But they will be able to read through the new terms of service and see what data companies are collecting.

Other states are also mulling similar regulations on data privacy. Lawmakers have considered a federal privacy law. Facebook CEO Mark Zuckerberg has called for a “global framework” for data privacy regulations.

Sounds like GDPR?

Yes and no. General Data Protection Regulation, or GDPR, is a EU law that was implemented May 2018.

Both GDPR and CCPA are privacy laws that address collecting and storing data, but they handle it differently. GDPR requires that people must consent to a company collecting their data. CCPA doesn’t require an opt-in, but it mandates that people have an ability to opt-out from collection.

GDPR also applies to all companies – not just for-profits of a certain size – and it regulates all types of personal data. CCPA applies to personal data that is not available in government records.

How will CCPA affect tech companies

The impact of this law is hard to measure, because it requires consumers to take action.

Initial compliance may cost companies up to $55 billion, collectively, according to an economic impact assessment prepared by an independent research firm for California’s Department of Justice.

If companies purposefully ignore CCPA, California will fine them$7,500 fine per violation. Other rule-breaking carries a maximum fine of $2,500 per violation. California’s Justice Department will begin enforcing the law on July 1. There’s a six months grace period from the law’s implementation to enforcement.