The California Consumer Privacy Act is now in effect, and, while the details of how it will be enforced remain unclear, and no doubt still to be litigated, it's already making its mark. Mozilla's next version of its popular Firefox browser, due to be made available next week, on January 7th, will give users the option of deleting information the browser collects about them. This change, which Mozilla explicitly says is being made to bring Firefox into compliance with CCPA, won't be confined to users located within California, but rather will be applied globally, from Timbuktu to Pocatello, if you will. Other companies, CNET reports, are expected to follow suit with similar measures. Thus comparisons of CCPA to the European's GDPR seem on the mark: both of them have had, and will continue to have, widespread and international effect. SC Magazine says that businesses in the UK are already working to ensure that they don't run afoul of Sacramento's new privacy laws.
But one of the early supporters who helped shaped CCPA thinks it doesn't go far enough. Mary Stone Ross, associate director of the Electronic Privacy Information Center and former president of Californians for Consumer Privacy, argues in Fast Company that the law as it stands will ultimately prove "toothless." She derides it as a "watered down" version of the initiative she and her collaborators initially drafted, with too many concessions made to Silicon Valley lobbyists and other surveillance capitalists. She advocates further legislation, probably best accomplished at the Federal level, that would take seriously making "transparency" the foundational principle of privacy law.
Federal action or not, other states are likely to continue to pass their own privacy laws. Oregon, Lexology reports, has already enacted a breach disclosure law that will have significant privacy implications.