When the alarm wakes me up, I reach for my mobile phone and check email. Next, I strap on my smartwatch. Over breakfast, I read the news on my tablet while Alexa plays some tunes. I join a conference call while driving to work and spend much of the day on my laptop. When I return home, the thermostat adjusts to my presence while I check out what my FireTV recorded.
Sound familiar? Almost 20% of Americans are just as hyperconnected, meaning they live in a household with 10 or more connected devices. The median household contains five, according to the Pew Research Center. In each one, multiple computers, shared media, work devices, and personal devices are constantly collecting and aggregating data.
How will CCPA treat data collected by devices?
Understanding the nexus of individuals and the various devices they use will be key to preparing to meet operational requirements of the new California Consumer Protection Act (CCPA). As the Internet of Things (IoT) brings more connected devices into our lives, more personal data will be collected and aggregated.
CCPA is designed to increase transparency about how companies collect, process, share and sell personal information. Under CCPA, “personal information” is defined to mean, “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Let’s unpack that wording to explore how CCPA takes devices into account.
Each phrase within the definition above sparks questions the California Attorney General will need to address in order to determine if companies adhere to the letter – and the spirit – of the law.
A “living” law built to evolve as technologies change
In our recent CCPA roundtable discussion, data privacy advocate Alastair Mactaggart explained why the authors intentionally left so much room for interpretation. As he points out, past privacy regulations became out-of-date quickly because they couldn’t keep pace with changing technologies and data processes. Data privacy discussions even five years ago didn’t anticipate the proliferation of data-consuming IoT devices that surround us today, both at home and at work.
In contrast, CCPA has been called a “living law.” The goal is to continue to protect consumer privacy and enable people to control what happens to their data, even as more devices are invented and data analysis becomes more sophisticated.
To keep pace, companies need to develop data privacy programs with the flexibility to identify and classify both people and their devices. They need to anticipate potential future uses of data they collect and prepare to share that information with consumers.
Preparing for operational challenges of CCPA?
Get started with the Ultimate Guide to California’s Data Privacy Law.