May 9, 2022 - When California enacted a law now known as the CCPA (California Consumer Privacy Act) it was hailed by privacy advocates throughout the United States as the toughest privacy law in the country. We said so at the time, and pretty much everyone was in agreement on that point regardless of which side of the privacy argument they were on. But consumers who are trying to enforce their rights under the law soon find that they don't have many rights at all. And trying to get the state to enforce those rights is a frustrating exercise that can prove to be futile.
As someone who has been a victim of identity theft myself, I tend to watch my personal data pretty closely. I'm not trying to hide. That would be somewhat stupid when I regularly publish here using my name. But I have frozen my credit and I use Norton (formerly LifeLock) to monitor my transactions and shut down fraudulent activity.
Every now and then, I get notifications from Norton about my data being sold by data brokers. When I receive those notices, I follow the links and then I ask to have my information removed. Recently, received one of those notices and did what I always do. And everything was going just fine until I reached a page in the process that required me to provide a copy of a government issued ID to prove that I was who I said I was.
Think about that for one second. I'm trying to protect my privacy and my identity, but in order to do that the broker wants me to give him a copy of an authentic ID, with all of the information needed to commit identity theft! Not only is it a ridiculous request, but as a Californian it's also illegal under the CCPA. I know this. So I filed a complaint with the State Attorney General's office since the AG is the one who enforces the law. Then I sat back and waited for a response. That was a few weeks ago.
What I expected was a letter or an email that said something like, "We've contacted the data broker (which, by the way, has its main US office in Los Angeles) and your information has been removed." But what I received was actually quite different than that. It told me that my legal remedies were very limited and then read in part, "... only the Attorney General can file an action against businesses. The Attorney General Does not represent individual California Consumers." It then went on to tell me that I could call the state Bar Association to find an attorney of my own to enforce those very limited legal remedies... at my own expense, I presume. Boy, do I feel stupid!
What really strikes me about the response is that the purpose of the law... at least from my perspective... changed immediately. The CCPA isn't about protecting consumers at all. It is about raising money for the state. Small data brokers that tend to fly under the radar apparently don't have much to fear. I had had never heard of the company that is currently still selling my information. But if you get someone big who violates the law... someone with deep pockets.... the state will go after them. It's another way to tax corporations on the wrong side of the state's political narrative of the day, and at the same time look like they are doing something that is consumer friendly.
What an absolute joke. We won't be praising CCPA in the future.
by Jim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|