California Data Privacy Law & Other Movements Around the World

California Data Privacy Law & Other Movements Around the World

Abstract

Several companies have been confronted with current and urgent issues regarding data protection regulation. A case study of California Data Privacy Law shows that GDPR (The General Data Protection Regulation) has subjected many rules on organizations and or business companies to safeguard the European Union individuals’ data (Cooley, 2004). Recent researches such as Salesforce indicate that about sixty-eight percent of the consumers do not trust brand companies managing data with their personal information. In contrast, only fifty-five percent understand how these companies utilize their personal information. Hence, the organizations which control or process data should have the assurance of their venders or third parties or sub-contractors to act per the applicable requirements of The General Data Protection Regulation (Andreisová, 2020). However, Big Data is a new trend taking over various fields of data intensively where the datasets are larger and difficult to run. When our data are mined and collected by companies such as Google, Facebook, retail chains, mobile phone companies, and governments, it becomes a sociological problem, and technologically challenging (Smith et al., 2012). This paper will discuss ethics, and privacy issues with big data, examples of data ethics, cybersecurity and data breaches as threats, an overview of data privacy regulations worldwide, history of the GDPR, the impact of GDPR on the European Union and the United States-based organizations, the California Consumer Privacy Act (CCPA), 2020, and a brief comparison of privacy law in other countries and practical recommendations on the implementations of data laws in the world (Layton, 2018).

California Data Privacy Law & Other Movements Around the World

The California Privacy Law provides its consumers with the right to evade the sale of their data and the right to obtain their personal information and delete it from unauthorized companies or organizations at will. It is speculated that over five thousand businesses in the US will be required to provide these privacy rights to California consumers (Gerhart, 2018). This bill shall take effect in July and the urge to update or establish privacy compliance programs need to be a priority of the corporate information technology initiatives. The privacy act of California conveys a powerful message that individuals care about their privacies hence lawmakers should act shifty. The California Consumer Privacy Act (CCPA), 2020, and the general data protection regulation (GDPR) is seemingly shaping the discourse of new privacy law and is likely to act as a national model through the establishment of a meaningful data policy (Wilcox, 2019). Even though it can be a burden to many companies but it can as well act as a golden chance to inspire the trust of the customers.

The exchange of information has been an essential portion of our daily lives. However, the exchange of data is subject to legal regulation. The EU-GDPR (The European data protection and regulation) has since been particularly regulating the protection of private data since May 2018 with possible penalties still taking a toll on non-compliance organizations and companies. Hence, the definition of privacy control patterns that transfer the existing data protection and regulation needs into technical solutions template for compliant services (Hsu, 2018). These patterns have applicable guidelines about privacy and data protection. They also act as a reference book for users of the information technology services and the providers to minimize and clear doubts associated with the general data protection and regulatory compliance and implementation. Conclusively, the GDPR is a regulation in the European law on the protection of data and privacy for all persons within the EU, as well as addressing the export of private information outside the European Union (Rösch et al., 2019). The GDPR also has requirements and provisions within the EU containing the processing of the identifiable data of people officially known as data subjects in the general data protection regulation inside the EU. It applies to all businesses irrespective of the location in the European Economic Region. According to the Commission of European, “Personal Information” is any data about a person whether to his or her professional, private or public life. Personal data can be anything ranging from a home address, a photo, a name, bank details, an email address, posts on social media, the IP address of a computer or medical information (Smith et al., 2012).

Cybersecurity & Data Breaches as Threats

Individuals and not computers establish computer malware and computer security threats. For instance, predators and hackers are usually programmers who manipulate others for their gains by evading systems of computers to change, steal, and or destroy data as a way of cyber terrorism. (Andreisová, 2020). A breach of data can strike any enterprise anytime. The data must always be protected whether or not an organization has a piece of sensitive information it wants to keep secret to maintain its competitive position or records required to meet the government or industry’s regulatory demands because of the risks or risks brought by a data breach are normally deep. Data breaches may include the disclosure of personally identifiable information of the customer, intellectual property theft, theft of the financial information of the customer, or healthcare data among others. No business or industry is immune to cyber threats and the risks of security breaches but they usually require the attention of the public to customers, vendors, partners, government agencies, and shareholders (Smith et al., 2012).

Overview of data privacy regulations worldwide. The GDPR (General data protection) is a powerful privacy law established by the European Union in the year 2016 and became enforceable on 25th May 2018 (Wilcox, 2019). Its main purpose is to update the digital security for the European Union citizens through the provision of a high level of control on private information shared online. With more economic and social activities placed online, the significance of data and privacy protection has been gradually accepted worldwide. On the same measure, the collection, sharing, and use of personal data to 3rd parties without the consent of the user or notice of the consumers, one hundred and thirty-two out of one hundred and ninety-four states had signed legislation to secure data and privacy protection (Gerhart, 2018). Asia and Africa indicate the same level of adoption with fifty-five percent of states having implemented such legislation where twenty-three are at least developed nations (Layton, 2018).

History of the GDPR. The history of GDPR has long been considered a gold standard across the globe. In the previous twenty-five years, human lives have been transformed by technology in a manner no one could ever think of, hence there was an urgent need for the review of data protection laws. The united nations adopted the GDPR in the year 2016 as one of its significant achievements over the years (Loubichi, 2018). The General data protection regulation replaced the data protection directive of 1995 that was established during the creation of the internet but GDPR is recently accepted as law all over the United Union, and the Sates’ members had two years to make sure it is enforceable in their various countries by 25th May 2018. The below timeline has key events and dates in the process of data protection reforms between 1995 and 2018 (Andreisová, 2020).

Date

Event

25th May 2018

The Appointment of the DPO (Data Protection Officer)

25th May 2018

Corrigendum to Regulation (The European Union) 2016/679

Corrigendum to Directive (The Uuropean Union) 2016/680

22nd May 2018

A Regulation of European Council and Parliament Proposal

6th May 2018

Data Protection Directive transposed by the Member States

10th January 2017

The proposal of ne regulations on e-Privacy and data rules by the European Commission.

24th May 2016

The GDPR enters into force twenty days after its publication in the EU Official Journal.

27th March 2016

Regulation (The European Union) 2016/679.

Directive (The European Union) 2016/680.

2nd February 2016

The issuance of an action plan by the article twenty-nine working party.

15th December 2015

The European Parliament, the EC, and the Council reach an agreement on the General Data Protection Regulation.

27th July 2015

The final texts on the General Data Protection Regulation by the European Data Protection Supervisor.

16th June 2015

The European council reaches a common approach on the General Data Protection Regulation.

12th March 2014

The European Parliament adopts the General Data Protection Regulation.

5th October 2015

The article twenty working party opinion on the data protection reform.

23rd March 2012

The article twenty working party opinion on the proposal of data protection reform.

7th March 2012

The European Data Protection Supervisor Opinion on the European Council data protection reform.

25th May 2012

The European Commission Proposal to materialize the digital economy and online privacy rights.

22nd June 2011

The European Data Protection Supervisor Opinion on the European Commission Communication- Comprehensive approach on private data protection in the European Union

24th October 1995

The Adoption of Directive 95/46/EC

Key Events and Dates in the Process of Data Protection Reforms Between 1995 and 2018

Source: Loubichi, S. (2018). General data protection regulation (GDPR) of the European Union. What had to be considered until 25 May 2018. At. Internationale Zeitschrift fur Kernenergie, 63(5), 289-294. Retrieved: https://inis.iaea.org/search/search.aspx?orig_q=RN:49060560

Impact of GDPR on the EU & US-based organizations. The impact of the General Data Protection Regulation is being felt by the United States-based organizations as they are required to comply with the rules of data privacy. This will likely prompt the united states to establish their own data privacy rules for the organizations to follow. Way back 2018, the leading united states based technology companies asked the federal government to implement a law similar to the General data protection regulation, and in February 2018, the united states government accountability made a similar recommendation (Wilcox, K. M. (2019). However, for the organizations transacting business globally, have to respect the European Security mandate and treat it as the united states federal government rule. On the other hand, the EU has reaffirmed its role in the protection of basic rights and freedom of citizens and individuals including, the particular fundamental rights to private data protection as enshrined in the fundamental rights of the European Union chatter and with the basic law of treaty of its function (Andreisová, 2020).

The California Consumer Privacy Act (CCPA), 2020

This act was passed by California in June 2018 but it could have numerous consequences on the companies of the United Stets as compared to those of the EU’s GDPR. The law of California does not contain some of the general data protection regulation’s most critical requirements like the narrow seventy two hour window where a company has to report a data breach (Kuner, 2010). However, the CCPA (California consumer privacy act) takes a wider view than the general data protection regulation of what makes up private data. Instead, the CCPA permits any Consumer from California to demand access to all their information saved by a given company. Moreover, this law permits consumers to sue responsible companies in case of any data violation. All the companies under California and which serve the residents of California, and have annual revenue of at least twenty-five million dollars must comply with the CCPA, 2020 (Loubichi, 2018).

The Ethics of Working with Big Data

Ethics is an essential subject for all professionals around the world and not just for the individuals in the information technology professions. Ethics serve as standards for conduct evaluation as they identify the proper and improper cause of action (Kjonstad and Willmott, 1995). Moreover, they suggest that only proper courses of action need to be pursued hence ethical behavior is strictly concerned with doing that which is right. The ethical theory offers a foundation for all proper conducts including, providing a framework for underlying rationales of moral arguments, understanding, and classification of various arguments as well as defending a conclusion on right or wrong.

The ethics of big data are also referred to as data ethics which means defending, systemizing, and recommending the concepts of good and wrong conducts in Big data has become an explosive subject over the years in which the datasets are larger than they can be effectively handled (Litchfield, 2018). The most common issues when running big data are storage, capture, dissemination, analytics and visualization, search, and others. Big data could be having more benefits including, allowing in-depth analyses of patterns within behaviors as well as providing an insight level valued by industries and academia alike. It is broadly used in various businesses. Moreover, its insights can lead to increased benefits. Due to big data, there exist investments into big data researches and infrastructure though the research on it is increasingly against legal concerns of privacy, international access, government regulation, and gradual criticisms of digital data gatherings (Hsu, 2018). As a result, the function and the potential of big data change that shall inevitably interfere with research in public relations. Also, the public research practice is guided by research hence practitioners need to acknowledge the legal concerns bedeviling the research practice. Perhaps this is more critical for big data issues since legal regulation reveals regulation does not only involve how big data is collected but also how it is utilized (Gerhart, 2018).

The United States Big Data Regulation

Big data is influenced by the privacy laws of the state particularly those that directly deal with online record keeping and disclosures. For instance, a massive state privacy law is an online privacy act of California (CalOPPA) that took effect in the year 2004 and was later implemented in the year 2014 (Smith et al., 2012). This needs websites to offer full privacy rights statements as well as permitting users to acknowledge how their data shall be used. Otherwise, other states like Alabama, Oregon, South Dakota, and Delaware have as well started addressing data and privacy issues for organizational workers (Litchfield, 2018). However, it is worth noting that state laws have consequences and may be suppressed by federal regulations. Though the use and collection of big data do not only fall under purviews of federal statutes but also under regulations of federal urgency. But the states could further explore the privacy regulation as compared to the big states like California, New York, and the federal government which acts as legal influencers due to their level and size of commercial activities (Cooley, 2004).

Ethical issues in data science

In data science, ethical issues are identified as shared values that aids humanity to distinguish right and wrong and the gradual digitalization of human activities which shapes the horizons of the world around us (Guy, 1990). The applications of data science such as the COMPAS (the correlational offender management profiling for alternative sanctions) system of software are used in the united states domestic meters and courts. Data science contains two components including, the big data and statistical models in the form of software that can identify patterns in such data (Spivey and Echeverria, 2015). Ethical issues present themselves when opinions between right and wrong deflect. For instance, should algorithms have the ability to decide whether or not a defendant is to be released on bail? Or statistical models built on data top, applications such as COMPAS would need to analyze how the information is produced first (Layton, 2018). Ethical issues in data science may also come by when police on patrol are mistreating citizens. Generally, the main ethical issues in data science include lack of human transparency, unfair discrimination, and human biases. The vast amount of data and statistical models contribute to inherent limitations in decision making based on previous data patterns (Spivey &Echeverria, 2015).

Data Ethics Examples

Both international and national governments do a draft, publish, and implement the rules of data ethics. These include the EU’s GDPR (the European general data protection regulation), HIPPA( the health insurance portability and accountability), the FERPA( the family educational rights and privacy act), and the California consumer act (Kjonstad and Willmott, 1995). Data ethics entail data handling, algorithms, and corresponding practices such as programming, professional codes, hacking and responsible innovation (Forester & Morrison, 1991).

Conclusions & Future Study

Big data is a crucial form of research and shall be part of the research for far too long. Though, legal concerns surrounding the big data suggest that the act of acquiring and use of big data shall evolve in the coming years. More data concerning everyone is being produced so fast from numerous devices hence there is a need to question the integrity of the data protection companies. Both legal systems and individuals are seemingly losing the battle on data protection rights. For instance, Cambridge Analytica’s violation of the personal privacy of customers is an eruption that attracted the attention of individuals in ways never seen before. However, fundamental transformations in the technological and business environment also occur as driven by the globalization of the economy of the world. Hence, the increased advantages of data processing, data transfer through the internet, and significant involvement of people in the transborder data flow. The consistent need for businesses to secure and manage their sensitive information should not be ignored. The GDPR moves the companies and organizations to protect data from unauthorized access as well as ensuring that personal information is obtained with the clear consent of the owner. For instance, in the year 2019, the Gartner recorded a decrease in the general customer satisfaction, an increase in privacy invasions, and erosion in trusts. Still, recently the demand extends to all interactions between the organizations, devices, and customers. Also, the law practitioners across the globe continue to prepare to meet the demands of all the customers on the protection of their data privacy. Researches indicate that by 2023, sixty-five percent of the total population of the world shall have its data protected under modern privacy regulation; an increase of ten percent from today.

References

Andreisová, L. (2020). Analysis of the Impact of the GDPR on Third-Party Risk Management Programs and Related Recommendations for DomesticwellWell as International Corporate World. Business and Management Studies, 6(1), 1-11. Retrieved: http://redfame.com/journal/index.php/bms/article/view/4683

Cooley Godward, L. L. P. (2004). California Online Privacy Protection Accessed October 1, 2012.

Forester, T., & Morrison, P. (1991). Computer ethics: cautionary tales and ethical dilemmas in computing. Harvard Journal of Law and Technology, 4(2), 299-305. Retrieved: https://heinonline.org/HOL/LandingPage?handle=hein.journals/hjlt4&div=10&id=&page=

Gerhart, T. (2018). AB 2182 and Chapter 55: Enacting Privacy Regulations in the Face of Legislative Complacency. McGeorge L. Rev., 50, 177. Retrieved: https://www.forbes.com/sites/andrewrossow/2018/05/25/the-birth-of-gdpr-what-is-it-and-what-you-need-to-know

Guy, M. E. (1990). Ethical decision making in everyday work situations. Greenwood Publishing Group. Retrieved: https://books.google.co.ke/books?id=zsb3e9wSW7wC&lpg=PR7&ots=qBySI_xeCx&dq=Ethical%20Decision%20Making%20in%20Everyday%20Work%20Situations%20%E2%80%93%20Guy%2C%20Mary%3A%20New%20York%3A%20Wuorum%20books%2C%201990&lr&pg=PR7#v=onepage&q&f=false

Hsu, T. H. C. (2018). Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps. Packt Publishing Ltd. Retrieved: https://books.google.co.ke/books?id=bO1mDwAAQBAJ&lpg=PP1&ots=pHkA7pSohK&dq=https%3A%2F%2Fwww.eugdpr.org%2F%20(Links%20to%20an%20external%20site.)%20%26%20https%3A%2F%2Fwww.gdpreu.org%2F%20(Links%20to%20an%20external%20site.)&lr&pg=PP1#v=onepage&q&f=false

Kjonstad, B., & Willmott, H. (1995). Business ethics: Restrictive or empowering?. Journal of Business Ethics, 14(6), 445-464. doi.org/10.1007/BF00872086

Kuner, C. (2010). Regulation of transborder data flows under data protection and privacy law: past, present, and future. TILT Law & Technology Working Paper, (016). Retrieved: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1689483

Layton, R., & McLendon, J. (2018). The GDPR: Whaally Does and How the US Can Chart a Better Course. FEDERALSoc’yOC’Y REV., 19, 234-235.

http://pages.dataiku.com/hubfs/GDPR/WP-DATA-GDPR.pdf

Litchfield, J. (2018, May 14). Big Data Breaches Shine Spotlight on Laws Impacting Employee Data Protection [Web log post]. Retrieved from https://www.laboremploymentperspectives.com/2018/05/14/big-data-breaches-shine-spotlight-on-laws-impacting-employee-data-protection/.

Loubichi, S. (2018). General data protection regulation (GDPR) of the European Union. What had to be considered until 25 May 2018. At. Internationale Zeitschrift fur Kernenergie, 63(5), 289-294. Retrieved: https://inis.iaea.org/search/search.aspx?orig_q=RN:49060560

Rösch, D., Schuster, T., Waidelich, L., & Alpers, S. (2019). Privacy Control Patterns for Compliant Application of GDPR. Retrieved: https://aisel.aisnet.org/amcis2019/info_security_privacy/info_security_privacy/27/

Smith, M., Szongott, C., Henne, B., & Von Voigt, G. (2012, June). Big data privacy issues in public social media. In 2012 6th IEEE International Conference on Digital Ecosystems and Technologies (DEST) (pp. 1-6). IEEE. DOI: 10.1109/DEST.2012.6227909

Spivey, B., & Echeverria, J. (2015). Hadoop Security: Protecting your big data platform. ” O’Reilly Media, Inc.”. Retrieved: https://books.google.co.ke/books?id=VXEJCgAAQBAJ&lpg=PR2&ots=e601Po-Dyn&dq=Spivey%2C%20B.%2C%20%26%20Echeverria%2C%20J.%20(2015).%20Hadoop%20security%3A%20Protecting%20your%20big%20data%20platform.%20Sebastopol%2C%20CA%3A%20O’Reilly.%20Amazon%2C%20%2443.%20%20415%20pp.%20&lr&pg=PR2#v=onepage&q&f=false

Wilcox, K. M. (2019). Hey Alexa, Do Consually Want More Data Privacy: An Analysis of the Negative Effects of the General Data Protection Regulation. Brook. L. Rev., 85, 257. https://www.ibm.com/security/privacy