Wednesday, December 04, 2019
Now, start paying attention to CCPA if your site has one California visitor (other states likely to follow suit)
Ian Corzine has a serious discussion of what website
owners and YouTube and social media channels need to follow to comply with the California
Consumer Privacy Protection act (CCPA, AB-375).
Like with COPPA, this subject will surely be the focus
of a lot of lawyerly videos. In theory,
any website or youtube channel with one visitor from California is “vulnerable”. Likewise, other states will pass similar laws
and Congress ponders it, and a federal law is likely by 2021, after the next
election cycle.
The law has thresholds regarding visitor counts and
income before they would apply out of state.
The law is said to have a “right to be forgotten”
clause.
There is a possibility that even a site that requests
no personal information itself could be doing indirectly through cookies. Corzine says that the larger vendors (like
Amazon, for links to Associates) are compliant.
Wordpress and Automattic would need to weigh in. Presumably Google Adsense will be weighing in
soon and requiring privacy policy changes. My own blogs and legacy site do not ask for personal information or logon (COPPA-style age-gating could be in the future and that is a complication); there is one page on one Wordpress blog that links to a 3rd party payment processing company offered by the Web Host; I do not see the purchaser information myself).
Two or three other quick problems come to mind.
One is mentions of non-famous people. This mostly happens in news stories quoted, or
sometimes personal contacts that have been active more locally but who are not “famous”. I’ve had two or three requests to remove
names from my blogs over 15 years or so and there were unusual circumstances in
all of them. I can imagine the mention
of a non-famous criminal defendant from a news story not yet convicted as an
issue.
The other is for self-published authors, especially if
they are POD and mass order their own books at a discount to sell them
themselves, which POD companies tend to expect them to be able to do (and POS
companies are notorious for cookie-cutter marketing). My own site (on
Wordpress) links to a third party company called Payment Sphere. Coming from a large webhosting company, it
certainly should be compliant, but I will check before Jan 1 (like do I need
Corzine’s patches on my own Wordpress page?
I’ll check.) Behind this comment is the idea that tech industry is slowly paying attention to individual creators' "commercial viability" (I realize the phrase on YouTube's recent TOS change has a more contingent interpretation) and whether business models can afford to host speech for its own sake if it doesn't try to make money on its own.
Another possibility is speakers who leave their own PII in comments (like people who knew me from the Army, etc, during the "don't ask don't tell" debate; that has happened.)
The applicability of state laws comes from our own
system of federalism, but that really exists in Canada too (Quebec is a special
case and has tricky laws of its own about everything), and, in a different way,
in the EU (from GDPR and the Copyright Directive). Stay tuned.
I am in Virginia, but I make it to California frequently
(and was just in Ontario recently).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment