Recently, the state
of California in the United States of America made an interesting change to its
data privacy laws, with respect to how consumer data is used by a host of government
and non government agencies. The act became a law with effect from 1st
Jan 2020. The law is seen widely as California’s own version of GDPR.
The acts is called the California Consumer privacy act (CCPA). This law needs compliance from every company or institution in the state of California, and there are seemingly punitive clauses for those who fail to adhere to the regulation. The law allows citizens of the state to opt out from any of their personal data being used for whatever purpose.
(Given that a lot is being done now, to regulate legal citizenship in this country, and with the possible ushering in of a National Population Register (NPR), shouldn't privacy of citizens be a priority for all of us??)
 |
| Can you imagine an Indian version of CCPA? |
The acts is called the California Consumer privacy act (CCPA). This law needs compliance from every company or institution in the state of California, and there are seemingly punitive clauses for those who fail to adhere to the regulation. The law allows citizens of the state to opt out from any of their personal data being used for whatever purpose.
Its akin to someone in India, telling that their data in Aadhar must be locked, and not be used by anyone at all.
The act is intended
to provide California residents with the right to: Know what data is being is being collected about them; Know whether their personal data is sold or
disclosed and to whom. Say no to the sale of personal data. Access their personal data. Request a business to delete any personal
information about a consumer collected from that consumer. Not be discriminated against for exercising
their privacy rights.
The highlight of the act is the importance that the data collected by the establishment and companies from citizens is assigned, with respect to how the data must be treated with sanctity.
The highlight of the act is the importance that the data collected by the establishment and companies from citizens is assigned, with respect to how the data must be treated with sanctity.
Companies that become victims of data theft or other data
security breaches can be ordered in civil class action lawsuits to pay
statutory damages between $100 to $750 per California resident and incident, or
actual damages, whichever is greater. If there are un-intended violations by
the companies, a fine of $7500 is levied, and when intended, the fine is down
to $2500.
This supposedly revolutionary law on data protection has
just come into effect, and the coming weeks and months will show how it is
being followed in letter and spirit by the corporates in the California State. There
is almost no decent sized company that will be untouched by the protection law,
and hence, it is seen as a test case as to how data protection and privacy laws
can evolve across the other states and eventually, the rest of the world!
What would you think does it take for such a law to be
brought about in India?
Is it really
possible, given that ours is one country where citizen data is widely seen to
be the most misused, not just by the private corporates, but even by the state
and central governments?
(Given that a lot is being done now, to regulate legal citizenship in this country, and with the possible ushering in of a National Population Register (NPR), shouldn't privacy of citizens be a priority for all of us??)
No comments:
Post a Comment