Additional CCPA Regulations – An Illusion of Privacy

Privacy Plus+

Privacy, Technology and Perspective 

Additional CCPA Regulations – An Illusion of Privacy.  On March 15, 2021, California Attorney General Xavier Becerra approved additional, amended regulations under the California Consumer Privacy Act (“CCPA”).  

The newly amended CCPA Regulations prohibit “dark patterns” or deceitful user interfaces (Section 999.315h) when a user exercises her CCPA right to opt-out from sale of her personal information.  They also prohibit burdening consumers with confusing language or unnecessary steps in the process of opting-out of the sale of personal information.  The amended CCPA Regulations also provide for a uniform “opt-out icon,” which can be downloaded at the following link:

https://oag.ca.gov/privacy/ccpa/icons-download

Click on the following link to review a copy of the Final Regulations:

https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-add-adm.pdf

Prohibiting deceitful user interfaces, confusing language and other “dark pattern” practices all sound like they would help consumers exercise their California rights, at least while using traditional Web 2.0 interfaces (where platforms and companies maintain control over the information). But in our view, the benefit promised by these Regulations – like that of so much of privacy regulation emerging these days – is illusory. 

The illusory nature of “privacy” and/or “privacy rights” under the CCPA and other laws is evident, first, because no one reads privacy notices—no matter how simple, unconfusing, “plain English,” or uniform the notices, icons and so on are expected to be.  People don’t visit websites in order to read privacy notices. Websites are there for a purpose, to which privacy notices are distinctly a tangent. Therefore, what visitors can’t read quickly and efficiently, they don’t read at all, and to imagine that they will is to chase a ghost. 

Second, the internet itself is in the process of evolving.  We expect that the next iteration will be a highly decentralized, “Web 3.0” built on blockchain technologies.  In that event, a privacy paradigm that focuses on platforms or companies that collect and control information won’t address the issues associated with decentralized regimes, where users—not companies—will control their data.

Our prediction: As we move toward the Web 3.0, then concept of data privacy will be reformulated into one of data ownership, compensation for data use in commerce, and cybersecurity.  

Meanwhile, we don’t particularly object to the new Regulations. We’re just looking past the illusion of privacy.

---

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.