The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
Companies like Mozilla are using the passage of the CCPA as a way to better empower users to delete their own personal data.
The nation's first landmark consumer privacy law, the California Consumer Privacy Act, took effect last Wednesday as scheduled, and with it, a wave of email notifications, pop-ups, and other moves carried out by companies to better empower Californians to access their personal data.
With the CCPA going into effect, Mozilla, like several companies over the last several months, announced plans to roll out changes to every user of its Firefox browser, not just those in California.
In a blog post last week, Alan Davidson, Mozilla’s VP Policy, Trust & Security, announced that the company would allow users to delete their own telemetry data beginning with Firefox 72, slated for stable release on Tuesday.
As Davidson notes, telemetry data isn't typically considered "personal data," something that's regulated under CCPA, but the act of giving users more control over it is something of a good faith effort by the company.
For users, telemetry data is basically any information about the browser, if its crashed, how its performed, in addition to other data about how it interacts with hardware, daily use, and user customizations. To Mozilla, the information has never been able to be traced back to a particular user - it doesn't collect telemetry in private browsing mode; it essentially just gives the company an idea of how its browser is behaving in the wild.
Mozilla's blog post came about 11 days after Google acknowledged that it too was planning on support CCPA across Google Cloud through tools to respond to requests by consumers looking to exercise their rights. For its part, the team behind Chrome, Google's browser, said at its I/O conference last year that it would limit the usage of third-party cookies as a tracking and targeting tool, something that helps it better comply with the CCPA. Users can now block third-party cookies that can be used to track user activity and deliver targeted ads.
Similarly, Microsoft announced plans in November to also extend the CCPA's core rights to all of its customers in the U.S., much like how it extended rights via the General Data Protection Regulation (GDPR) to users around the world in 2018.
“While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction," Julie Brill, Microsoft's Chief Privacy Officer, said at the time.
The CCPA of course, grants Californians the right to ask companies - specifically those that collect information on 50,000 people or make $25 million or more annually - for any data they may have compiled on them, including recordings, GPS data, what information has been sold or sent to third parties, biometric data, and so on.
While companies like Twitter, Google, LinkedIn and Mozilla are seemingly playing nice and going along with the CCPA, it's widely assumed by tech prognosticators that some, like Facebook, will continue to skirt the law. While Facebook is more or less complying with the CCPA by allowing Californians to request data on themselves via Instagram, WhatsApp, and Facebook, where things get foggy is when it comes to the company’s web tracker.
Facebook claims it doesn't sell the data that Pixel, its tracker, collects; it allows companies to purchase ads based on its data collection. The company put the onus on those companies in a blog last month, "Ready for California’s New Privacy Law," saying that "businesses will have to assess whether their data transfer activities constitute a ‘sale’ of data under the law."
Like the existing GDPR lawsuit against Facebook, it's likely any fight against any company, Facebook or Google, involving the CCPA will be complex and take years to resolve.