Go to OpenReview Archive homepageSetting the Bar Low: Are Websites Complying With the Minimum Requirements of the CCPA?
Abstract: On June 28, 2018, the California State Legislature passed the California Consumer Privacy Act
(CCPA), arguably the most comprehensive piece of online privacy legislation in the United States. Online services covered by the CCPA are required to provide a
hyperlink on their homepage with the text “Do Not Sell
My Personal Information” (DNSMPI). The CCPA went
into effect on January 1, 2020, a date that was chosen
to give data collectors time to study the new law and
bring themselves into compliance.
In this study, we begin the process of investigating
whether websites are complying with the CCPA by
focusing on DNSMPI links. Using longitudinal data
crawled from the top 1M websites in the Tranco ranking,
we examine which websites are including DNSMPI links,
whether the websites without DNSMPI links are out of
compliance with the law, whether websites are using
geofences to dynamically hide DNSMPI links from non Californians, how DNSMPI adoption has changed over
time, and how websites are choosing to present DNSMPI
links (e.g., in terms of font size, color, and placement).
We argue that the answers to these questions are critical for spurring enforcement actions under the law, and
helping to shape future privacy laws and regulations,
e.g., rule making that will soon commence around the
successor to the CCPA, known as the CPRA.
0 Replies
Loading