Jan 2, 2020

Chris Hoofnagle Explains How Big Tech Companies May Avoid Compliance With New CA Privacy Act

From Consumer Reports

California's Privacy Law Is Finally Here. Now What?

By Thomas Germain

On Jan. 1, the toughest data privacy law in the U.S. goes into effect: the California Consumer Privacy Act, or CCPA.

After months of lobbying, hand-wringing, and debate, the California Consumer Privacy Act (CCPA) finally went into effect Jan. 1.

It grants California residents powerful new privacy protections, some of which could be extended to consumers across the country. However, it will take months for all the regulations to kick in and even longer to see how effectively the law reins in the worst privacy infringements...

“Companies can’t mislabel data selling anymore. No more ‘sharing’ data with ‘partners,’ and so on,” says Chris Hoofnagle, an adjunct professor at the University of California, Berkeley, [School of Information and] School of Law. “There’s a moment of confrontation here where the industry is being forced to reckon with the idea that when you take data about people and send it to 30 different advertising companies who then give you money, that’s a data sale..."

“A minority of companies are torturing the language of the CCPA in order to declare that they are simply not covered by the law at all,” Berkeley’s Hoofnagle says...

According to a Facebook spokesperson, there’s nothing for consumers to opt out of directly on the Facebook platform, either, because the company says it doesn’t sell any consumer data.

Google did not respond to Consumer Reports’ requests for comment, but the company’s public statements indicate that it will take a similar position.

“That interpretation is strategic,” Hoofnagle says. “Companies like Facebook can buy time quibbling over the law’s application and, in the process, continue business as usual until a court forces them to do otherwise.”


Chris Hoofnagle is a professor in the UC Berkeley School of Information and School of Law.

Last updated:

January 6, 2020