for-phone-onlyfor-tablet-portrait-upfor-tablet-landscape-upfor-desktop-upfor-wide-desktop-up

California posts final regulations under landmark digital privacy law impacting consumers, businesses

WASHINGTON (Reuters) - Final regulations that guide businesses and consumers under California’s new digital privacy law went into effect on Friday, marking a significant step towards giving Americans the right to request their data be deleted from e-commerce websites and social media.

FILE PHOTO: A man uses his Apple laptop on the steps of Federal Hall on Wall St. in the financial district of New York City, U.S., October 16, 2018. REUTERS/Brendan McDermid

The California Consumer Privacy Act (CCPA), effective since the start of 2020, oversees the data collection practices of U.S. companies and allows state residents to opt out of having data sold to third parties.

The law gives California residents the right to see the specific pieces of personal data that a company has collected on them - such as smartphone locations, voice recordings, ride-hailing routes, biometric facial data and ad-targeting data. They also have the right to know what kinds of third parties, a company has sold that information to.

The final rules mandate a business must provide consumers with timely notice, at or before the point of data collection, about the categories of personal information they are collecting and how it will be used.

It also allows residents to see the inferences that have been drawn about them, including predictions or categorizations related to a person’s behavior and abilities.

The law in California, which has a population of close to 40 million, impacts roughly one in ten Americans.

The law covers tech platforms, ride-hailing services, retailers, cable TV companies, mobile service providers and others that collect personal data for commercial purposes, including Facebook Inc, Alphabet Inc’s Google, Walmart and Amazon.com Inc.

It also covers companies collecting the personal information of 50,000 people or more every year.

The privacy bill was passed in June 2018 with a compliance deadline of Jan. 1, 2020. Since then many businesses have added "Do Not Sell My Info" links to their websites reut.rs/3kN8MzW

Indications of how the state will handle enforcement will be tracked closely as companies continue to invest in compliance.

Reporting by Nandita Bose in Washington; Editing by Chris Reese and Sonya Hepinstall

for-phone-onlyfor-tablet-portrait-upfor-tablet-landscape-upfor-desktop-upfor-wide-desktop-up