A Deep Dive into The California Consumer Privacy Act and what it means for CyberSecurity


It’s no secret websites and apps collect and monetize your data. Things like your search history, interests, and location may seem arbitrary or even necessary, but should people be profiting off of it? This is one of the major ethical and cybersecurity issues of our time. This information can be used to more effectively inundate you with ads or analyze your behavior to get you to buy. 

But when does it go too far? Luckily, a piece of California legislation has taken this issue head-on. 

The California Consumer Privacy Act (CCPA) puts some power back into internet users’ hands. This law regulates the relationship companies and Californians have with their data. It also helps people opt out of their data being sold. It even gives them access to get a clear picture of what data is being collected. 

But what if you don’t live in California? 

Who cares, right? 

Wrong. This has changed the dialogue about consumer privacy and given average Americans insight into just how much their privacy can be monetized. The CCPA was passed in 2018 but did not go into effect until 2020, to give major web players adequate time to accommodate all the necessary changes. This law has changed the shape of the Internet. Websites now have to cater to California users to ensure that they do not violate this law. 

This is a pretty bold move by California. But it is the largest economy in the US, and if it were its own country, would be the fifth-largest economy in the world. Not bad, huh? 

Why did California Pass the CCPA?

Apps and websites need access to some data to function. But some supplement their profits by selling your data to third parties. These third parties are a workaround to circumvent laws that exist to protect your privacy. After all, Facebook doesn’t call you to remind you to log in, right? That would be a violation of your privacy. But it also would be a violation for your Facebook data to end up in the hands of Pepsi or McDonald’s, right? 

Do you want fast food companies marketing to you when you’re feeling sad or on a diet? Things haven’t gotten that out of hand. But, as recently as 2022, a non-profit suicide hotline was going to monetize the mental health data they’d collected as part of a for-profit venture.

Luckily, a Politico story caused the company, Crisis Text Line, to stop its attempts to use this data with its for-profit partner. But could you imagine someone trying to use the woes of suicidal people to sell products or market to them? While, yes, this data may potentially help people struggling with their mental health, this does bring up major ethical concerns and tests the limits of patient-counselor confidentiality. In this case, patient-app confidentiality. 

Meanwhile, have you ever even seen all of the information Amazon has on you? You can see how deeply these websites dive to better get their hands on your money, time, and attention. The issue is not that they’re trying to make a profit; the issue is that the average consumer is not fully aware. 

Many don’t think about their privacy when using apps or scrolling on socials. But apps and social networks are not really free; you’re paying for them with your data. The issue is that if no one is paying attention, these faceless companies that act as intermediaries can get bold with the data they take. 

Websites and apps can forward, or even sell, your information to third parties. Your privacy is protected by the law. But these third parties act as a workaround because you give the company the right to forward this data in the abnormally long terms of service and privacy policies that we scroll through. This essentially signs away some of your rights. That’s why it’s always a good idea to at least give them a skim to make sure ownership of your soul is not casually mentioned. 

While there are limitations to what data is collected, these third parties can work with multiple companies and put together a profile on you. Say Company X works with 3-5 of your favorite sites or social media apps. They can put those puzzle pieces together to market to you specifically. This is why you’ll do a search for something and suddenly start seeing ads for it everywhere. This can be from websites collecting your data and behavior. 

This is why the CCPA is so important. 

What does the CCPA Limit? 

While California has Silicon Valley and Hollywood revolutionizing tech and entertainment, the basics of this law come from Europe’s General Data Protection Regulation (GDPR). The GDPR regulates the data that can be collected, gives people access to see what data has been collected, and allows them to opt out of that information being sold.  

The law defines your personal information as anything that could identify you. This includes your name, social security number, email address, and address. It also goes deeper to include records of products purchased, your browsing history, GPS data, fingerprints, and anything that can create “inferences from other personal information that could create a profile about your preferences and characteristics.” California even has a website that explains the law to consumers. 

The law also lets California residents ask what data companies are collecting. They can also opt out of accepting cookies. Cookies can be used to help store your login information but some cookies track what you’re doing and report that information back to the website or app. The CCPA has vastly affected the cookie policy of many websites and outlined certain information sites must disclose before a user accepts cookies for their site. 

This law is a pretty big flex. It’s forced websites to have to fall in line with compliance and create separate settings just for California residents. But the law wasn’t unreasonable. It also wasn’t all-powerful. There are certain benchmarks required for websites and apps. Companies must gross over $25 million, buy and sell the information of 50,000 unique users or devices, and derive 40 percent or more of their annual revenue from selling consumer information.

Clearly, this doesn’t mean websites, apps, and social networks are not able to still collect and sell user data. It also doesn’t mean companies are not hard at work looking for new and interesting ways to get their hands on data.

What does the CCPA mean for cybersecurity?

The CCPA is a boon to privacy. Now users are more aware of what’s happening with their data. Maybe only California residents get interrupters allowing them to opt out of cookies, turn off marketing tracking, or stop the sale of their information, but the law has also inspired more states to consider similar consumer privacy legislation. This article offers a helpful list of the status of various states and their proposed legislation. 

Now you’d think that this makes Californians completely immune to privacy concerns, but even Californians should be diligent and check all of their favorite websites, apps, and socials for specific settings. After all, sometimes the privacy settings on your favorite apps or social networks can be esoteric. But taking the time to review these settings can ensure that you take full advantage of your legal protections.
