CCPA Now in Effect

The California Consumer Privacy Act (CCPA) went into force this week, but enforcement will be delayed for six months.  “We’re going to help folks understand our interpretation of the law,” said California Attorney General Xavier Becerra.  “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”

Microsoft indicated that CCPA will be used as a national standard. Microsoft has already extended EU GDPR compliance globally and called privacy “a fundamental human right.”

“CCPA marks an important step toward providing people with more robust control over their data in the United States,” wrote Microsoft’s Chief Privacy Officer Julie Brill.  “It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

CCPA requires firms to be transparent in how they collect and use consumer data.  Individuals also have the option to block sales of personal data.  However, “Exactly what will be required under CCPA to accomplish these goals is still developing,” wrote Brill.

Microsoft supports a national privacy law which cover “more robust accountability requirements” including minimizing data collection, transparency around how data is being used, and “making them more responsible for analyzing and improving data systems to ensure that they use personal data appropriately.”

Facebook is hedging, saying “we do not sell people’s data” without acknowledging that its business is based on monetizing member data and that it has a poor history of controlling partner data collection on its platform.

Salesforce CEO Marc Benioff called Facebook the “new cigarettes for our society,” which undermines societal trust.  On CNN’s Reliable Sources, Benioff called for Facebook to be regulated or split up.  “They’re certainly not exactly about truth in advertising.  Even they have said that.  That’s why we’re really in squarely a crisis of trust, when the core vendor themselves cannot say that trust is our most important value.  Look, we’re at a moment in time where each one of us in every company has to ask a question: What is our highest value?”

“I expect a fundamental reconceptualization of what Facebook’s role is in the world,” continued Benioff.  “When you have an entity that large with that much potential impact, and not fundamentally doing good things to improve the state of the world, well, then I think everyone is going to have it in its crosshairs.”

LinkedIn Concerned about Tech Regulations

LinkedIn CEO Jeff Weiner raised concern about a tide of tech regulation following recent data privacy scandals.  Of particular concern is the impact of removing tech company immunity for the content shared by users under Section 230 of the Communications Decency Act.  If the Section were removed, social networks would be forced to proactively censor posts.

“Even if the [technology] industry were to do greater self-regulation, you’re going to see more regulatory oversight.”

Just as the wide use of algorithms has provided a megaphone to misinformation and fringe social media, regulation can have unintended consequences.  “The unintended consequences work both ways,” said Weiner.  “Companies make decisions only with the best of intentions, and there are unintended consequences of those decisions.  But from a regulatory perspective, I think it’s the same thing.”

“You could stifle a lot of innovation.  You could stifle a lot of openness.  You could stifle a lot of the things that create value by virtue of changing these liability rules and laws. That is just almost a canonical example of where these unintended consequences would really proliferate.  The things companies would need to do to ensure that they were protected is going to hurt the way in which people can communicate with one another.”

LinkedIn CEO Jeff Weiner

LinkedIn operates in China where it is subject to censorship.  The firm decided to enter the market as it’s mission is to create economic opportunity globally.  “The censorship issue in China is always a painful one,” he said.  “It has to be navigated and managed in the context of the broader vision.” While LinkedIn is advocating for Section 230, its parent company has taken a pro-regulatory view on data privacy, calling for an American version of GDPR.  Microsoft has built GDPR into the infrastructure of its platforms.