The CCPA is a law that gives California residents (known as “consumers”) certain rights related to the personal information that “businesses” (as defined below) have collected about them.
In particular, California residents are entitled to:
– Request to know the specific pieces of information the business has collected about them
– Request to know the categories of information the business has collected about them
– Request their personal information be deleted
– Opt out of the sale of their personal information
How personal information is defined under these rights is broad and covers much more than the traditional identifiable information, like name, address, and phone number. It also includes products and services purchased, internet activity, geolocation data, and professional or employment information. What’s more: It includes inferences drawn from the information collected, or what businesses assume about individuals based on their information.
We boiled that down as best we could, but since laws are, well, laws, let’s look at an example we can all relate to: a Californian requesting their personal details from a ride-sharing service operating in that state.
The consumer likely can request access to their saved rides, plus their location and route history (including dates and times). Additionally, they can learn what, if any, inferences the company has on them — ride-sharing related or not. For example, say I take a ride-sharing service to my local fitness facility every weekday at 6 pm. If the ride-sharing company has documented inferences that I likely live an active lifestyle and work traditional hours, I’m entitled to — upon request — know those details and to which parties they may have sold those inferences.