California is preparing for the new California Consumer Privacy Act (CCPA) to come into effect on 1 January 2020, and of all the Silicon Valley companies likely to be affected by the new regulation, Facebook, for one, has declared that it is "ready for California's new privacy law".
The CCPA was passed last year by California's state governor and is one of the strictest bills on data privacy in the US. It grants Californian users the right to request that a business disclose, for no fee, the personal information that is being collected about them, as well as whether it is sold or shared and to whom.
The bill also lets customers refuse the sale of personal information, while still receiving equal service and price.
One of the drivers for the CCPA mentioned in the body of the bill was the Cambridge Analytica fiasco, which saw the Facebook data of up to 87 million people worldwide harvested without their knowledge.
A year and a $5 billion penalty later, Facebook has made amends, and it is now assuring the public that it has done its homework, and is prepared to embrace the new CCPA.
"We are ready for its arrival," said the company, "in part because we've made long-term investments across our products to help people everywhere easily manage their privacy and understand their choices with respect to their data."
As examples of its efforts, the social media giant pointed to the self-serve tools it has built to let people access, download and delete their information, which can be divided into 72 categories, from the user's IP address to their political views.
The tool, dubbed "Access Your Information", was part of an update that Facebook carried out last year to comply with the EU's General Data Protection Regulation (GDPR).
Facebook took other steps after GDPR came into effect, such as committing to let users choose whether they want to continue sharing certain types of information, and updating the platform's terms of service and data policy.
The social media company said that, since the CCPA also requires companies to provide thorough descriptions of their privacy practices, "reviewing our data policy is still the best way to find clear, detailed information about how we process data."
Although the CCPA and the GDPR have much in common, businesses like Facebook might have to take additional steps to make sure that they comply with both regulations.
For example, the CCPA specifically prescribes that companies make available two or more ways for customers to request access to their personal information, including a toll-free telephone number, which GDPR does not require.
The Californian law also establishes exceptions to the right to access and delete one's data, which differ from those detailed in European legislation. The CCPA imposes more rigid restrictions on data sharing for commercial purposes, and uses a broader definition of "personal information".
And with fines of up to $7,500 per intentional violation of the new Californian law, it is in Facebook's interest to make sure its data-protection practices are up to date – if the social media giant doesn't want to risk seeing its privacy bill grow even bigger.