惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Troy Hunt's Blog
Latest news
Latest news
Vercel News
Vercel News
S
SegmentFault 最新的问题
V
Vulnerabilities – Threatpost
博客园 - Franky
P
Privacy International News Feed
A
Arctic Wolf
T
The Blog of Author Tim Ferriss
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
T
Tor Project blog
Jina AI
Jina AI
GbyAI
GbyAI
The Hacker News
The Hacker News
博客园 - 叶小钗
Google DeepMind News
Google DeepMind News
T
Threatpost
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Scott Helme
Scott Helme
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Microsoft Azure Blog
Microsoft Azure Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园 - 司徒正美
A
About on SuperTechFans
Recorded Future
Recorded Future
爱范儿
爱范儿
L
LangChain Blog
V
V2EX
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
K
Kaspersky official blog
Webroot Blog
Webroot Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
D
DataBreaches.Net
宝玉的分享
宝玉的分享
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
L
Lohrmann on Cybersecurity
Help Net Security
Help Net Security
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY

Blog of Simple Analytics

The EU wants to kill cookie banners Google is tracking you (even when you use DuckDuckGo) German court rules Meta’s tracking tech violates GDPR Closing the data gap - Simple Analytics x Usercentrics The EU-US data deal may be dead in the water You are missing 20% of your website data with GA4 How a reverse trial will push Simple Analytics to the next level Google will start tracking all your devices (WTF?) Big Tech Fails EU’s Digital Services Act: Only Wikipedia Passes the Test Meta fined $102 million by the Irish Data Protection Commission Europeans spend 575 Million hours per year clicking cookie banners The most interesting GDPR fines GDPR and fines: all there is to know Google loses key antitrust case Web Analytics for Crypto Companies Web analytics for publishers Google pulls Uno Reverse card: Rolls back decision to kill third-party cookies Privacy Monthly July 2024 Privacy Perspectives June 2024 Privacy Monthly June APRA fumbles targeted advertising Privacy Monthly May Meta loses key privacy battle Google delays cookie phase-out once again Privacy Monthly April 2024 Web Analytics and Consent Cookies 101 Privacy Monthly March 2024 German authority cracks down on cookie banners Google Tag Manager vs Google Analytics Google search alternative Data retention in Google Analytics Guide to Google Analytics and Cookie consent What are Google Analytics' identifiers? How to export data from Google Analytics Privacy Monthly February 2024 The Criteo case: a big deal for Big Tech Privacy Monthy January 2024 What the Digital Markets Act means for privacy Google Settles in $5B Incognito Mode Lawsuit Legal troubles for Adobe Analytics Web analytics for nonprofits HIPAA and mental health Why Meta subscriptions are under attack, and why it matters for privacy Privacy Monthly: December Simple Analytics AI Host analytics on Cloudflare Zaraz Add Google Analytics to Convertkit Google Analytics Pricing - Paid vs Free Road to 1 Million ARR - October update CCPA and Data Protection: all there is to know Analytics without a cookie banner Enterprise Analytics Privacy Monthly: November 2023 Mobile App Tracking Under Fire The road to 1 Million ARR - September Update Privacy Monthly: October 2023 HIPAA violations First challenge to the EU-US data transfer framework Direct Marketing under GDPR Road to 1 million ARR - August Update CCPA vs CPRA: what is new? Privacy Monthly: September 2023 A/B Testing with Simple Analytics Dobbs v. Jackson ruling is a privacy mess Privacy Monthly: August 2023 What are your rights under the CCPA? When does the CCPA apply? How does the HIPAA compare to the CCPA and GDPR? Why Meta is in a world of trouble CJEU: cookie-based analytics collects sensitive data Road to 1 million ARR - July update All about the new Data Transfer Framework Road to 1 Million ARR - June update What is PHI under HIPAA? Sweden declares Google Analytics illegal Searching for GA4 Alternatives? Top 10 Reliable Options for Google Analyticss Ultimate HIPAA Compliance Checklist: Essential Steps for Healthcare Providers Privacy Monthly: June 2023 More troubles for Google Analytics The path to 1M ARR - May Update Data Processing Agreements Minimal Product Analytics Facebook data transfers declared illegal Is Google Analytics CCPA-compliant? Help us with your input Cookie banners: How to stay GDPR compliant? GDPR Compliance Checklist Privacy Monthly: May 2023 Simple Analytics: Privacy-first website analytics Improve your e-commerce performance with analytics European Facebook blackout is closer than we think Know your website’s Carbon Emissions - and how to reduce it The path to 1M ARR - April 2023 How to add video tracking using Google Tag Manager? How to track form submissions using Google Tag Manager? Why is my Simple Analytics data different from Google Analytics? Debug Simple Analytics script How to Import Google Analytics Data to Simple Analytics
Delete Act: all you need to know
Carlo Cilent · 2023-10-25 · via Blog of Simple Analytics

On October 10, the State of California adopted the Delete Act, a new law that allows California residents to simultaneously require all data brokers to delete their personal information. The Act will likely deeply impact privacy practices inside and outside the State. So, let’s see what this law is all about!

  1. What is the Delete Act?
  2. Didn’t Californians already have a right to erasure?
  3. How does the Delete Act work?
  4. How is the Delete Act different from other laws?
  5. Who does the Act apply to?
  6. Are there any exemptions to the Delete Act?
  7. What are the penalties under the Delete Act?
  8. What impact will the Delete Act have?
  9. Conclusion

Michelin chose Simple AnalyticsJoin them

What is the Delete Act?

The Delete Act is a new California law on the right to have your data deleted from data brokers. The Delete Act will be enforced by the California Privacy Protection Agency (CPPA).

Didn’t Californians already have a right to erasure?

Yes, California residents have a right to erasure under the CCPA. But, there are two problems when it comes to data brokers.

First of all, it is unclear whether they can exercise that right against data brokers based on the wording of the CCPA. Second, assuming that they can, requesting data brokers to delete personal information would still be difficult in practice. Many different brokers typically control information about a single consumer, and consumers typically do not know who these brokers are and how to contact them.

Long story short, the right to erasure introduced by the Delete Act is not new in California law, but the Act makes it much easier for consumers to exercise it against data brokers.

How does the Delete Act work?

The deletion system described by the Act will consist of a unified registry for deletion requests. Data brokers must periodically access the system and review their databases to ensure they do not contain data about subjects who submitted a request.

Data brokers will also be under other obligations, such as documenting compliance with deletion requests and auditing the results of their procedures for honoring requests.

The Delete Act is vague about the system's technicalities and calls on the CPPA to iron out the kinks in its future regulation. According to the law, the system must be up and running by 2026 the latest. In all likelihood, planning the system will be no walk in the park for the CCPA- and implementing it will be no walk in the park for companies!

How is the Delete Act different from other laws?

The Delete Act is an innovative law. Privacy laws such as the GDPR and California’s own CCPA frame the right to erasure as a matter between an individual and a specific company or organization. On the other hand, the Delete Act broadens the scope of a single request to all data brokers. This system differs from typical erasure requests and rather resembles a do-not-call registry of sorts.

The Delete Act also differs from other privacy laws in that requests also impact any data collected after the submission. A data broker cannot simply delete your data and call it a day; they must periodically review their database and erase any new data about you. An ongoing process of review and erasure is required.

Who does the Act apply to?

On one side of the equation, the Act applies to California residents, much like the CCPA. No one else can submit a request under the Act.

On the other side of the equation, the Act applies to data brokers. The law defines data brokers as any business that knowingly collects and sells information of consumers with whom the business has no direct relationship. So, data brokers essentially act as intermediaries, acquiring personal information on consumers through a third party and selling it to another third party.

It should be noted that the Act uses the same broad definition of data sale as the CCPA/CPRA. The disclosure of consumer data in exchange for something valuable, will likely be considered as a sale, whether monetary payment is involved or not. This means that the Act may apply to many intermediaries in the advertising sector, depending on how regulators understand the definition.

It is yet unclear whether the definition of data broker also covers businesses who buy or receive data from intermediaries- in other words, the customers of data brokers. This yet unclear point is crucial, as many businesses (including smaller ones) enrich their customer data with third party information. Future regulation from the CCPA will hopefully clarify this.

One thing is clear, though: much like the CCPA, the Delete Act will also apply to data brokers outside California, and even outside the US.

On a side note, it is worth highlighting that California has a registry for data brokers, and that registration was mandatory even before the Data Act. This could make enforcement easier, as the CCPA will know who the data brokers are and how to contact them.

Are there any exemptions to the Delete Act?

Yes. Much like the CCPA, the Delete Act does not apply to companies that are bound by sector-specific regulation (such as the HIPAA for the health care sector).

What are the penalties under the Delete Act?

Data brokers can be fined $200 for each day they fail to honor a deletion requests. Data brokers can also be fined under pre-existing California laws for failing to register themselves in the data broker registry.

What impact will the Delete Act have?

The Delete Act will likely have a big impact on the advertising sector, and on other sectors heavily relying on data intermediaries (such as fraud detection). To comply with the law, companies must establish new procedures, and periodically review their databases to retrieve the data they need to delete.

This will likely increase legal and operation costs by no small amount. Additionally, it will require companies to implement robust data governance practices, if they haven’t already, to make it easy to filter out databases and retrieve the information that needs to be deleted.

Finally, it should be noted that data brokers need to verify deletion requests. In other words, brokers need to make sure that consumers are who they say they are, and to find out exactly what personal information in their databases relates to them.

This will be complicated because data brokers sometimes do not collect direct identifiers that would allow for easy verification. It would be wise for businesses to establish robust verification procedures before the requests start coming in and to keep an eye on the CPPA for any guidance on verification.

Conclusion

It is early to say to what extent the Delete Act will impact the digital economy. However, it is clear that it will make compliance harder for data brokers. Companies covered by the Act should think ahead and immediately start preparing to meet its obligations.

We are passionate about privacy. It is a human right, and one that is becoming more important with each day as the world becomes more and more interconnected.

This is why we created Simple Analytics. Our privacy-first tool allows our customers to get all the insights they need in an ethical, privacy-friendly way. Simple Analytics delivers accurate insights without cookies, without trackers, and without collecting a single bit of personal data! If this sounds good to you, feel free to give us a try!