The internet has transformed into a museum of personal information collected through the digital footprint we leave behind after each act performed on the web. Businesses have monetized this collection of personal data in various ways. For instance, many companies analyze this information through predicting analytics and data profiling to identify consumer interests that they can exploit as a means to generate revenue. Though user data promotes many benefits for businesses and consumers alike, the recent data breaches of massive companies, coupled with hazy privacy disclosures that beget consent disputes, have left both users and businesses perturbed and exposed to various risks. The California Consumer Privacy Act (CCPA) attempts to regulate businesses’ use of Californian consumer data and purports to be a promising solution to concerns regarding data privacy. However, its poor drafting and unintelligible requirements pose serious challenges such that the Act ultimately fails to provide consumers with primary control over their personal information that’s collected online. This Note examines the “anti-discrimination” provision enumerated in section 1798.125 of the CCPA and addresses the ineffectual restraints placed on businesses that transact in personal data. To encourage transparency and enable informed consumer decision-making, this Note recommends that California should: 1) void the reasonable-relationship exception in section 1798.125(a)(2) since it undermines the provision, and the valuation of personal data across different industries is inconsistent and unmanageable; and 2) supplement the “financial incentives exception” in section 1798.125(b)(1) with additional restrictions on permissible practices that prioritize disclosure and foster consumer autonomy.
THE COMMODIFICATION OF PERSONAL DATA AND THE ROAD TO CONSUMER AUTONOMY THROUGH THE CCPA,
15 Brook. J. Corp. Fin. & Com. L.
Available at: https://brooklynworks.brooklaw.edu/bjcfcl/vol15/iss2/8