In June 2018, California passed AB 375, or the California Consumer Privacy Act (CCPA). This landmark digital privacy law went into effect on January 1, 2020. It gives consumers an unprecedented level of transparency into the workings of data collection. California residents can now see exactly what personal information has been collected and how it has been interpreted, even being able to request for their personal data to be deleted or to opt-out of their data being sold. At first glance, this law seems like a panacea for those with privacy concerns.

However, impacted technology companies, such as Google, Apple, and Facebook, have agreed to disagree: to these companies, the new requirements set by the CCPA are difficult to comply with. Each company now has to radically change and adapt their data collection mechanisms to abide by the law. Therefore, the operative definition of “data selling” is still unclear. For example, Google does not classify the transfer of personal information to a service provider as a sale, so selecting the “Do Not Sell My Personal Information” only does so much to inhibit the distribution of personal data.

On the other hand, Uber has followed a stricter interpretation of the law, allowing its users to opt out of sharing data with Facebook for ad-targeting, even though it is not explicitly defined as data selling. Although the CCPA is still being heavily contested, it represents a step in the direction of respecting consumers’ constitutional right to their privacy.