CCPA’s most visible effect has been a plague of website popups on California residents. But the law also applies to offline data collection. B8ta’s new signs and disclosures show how the CCPA might shed more light on the way brick and mortar businesses use Wi-Fi routers and other in-store sensors to try and match the customer analytics and tracking of online retailers and ad networks.California legislators rushed to pass CCPA in 2018 to head off a stricter ballot initiative on privacy whose sponsors had collected more than 600,000 signatures. In the process, a provision allowing citizens to sue for violations was removed, leaving the state attorney general as the sole enforcer. But CCPA is in some ways broader than GDPR, the influential European Union privacy law that came into force in 2018.California’s law defines personal information more liberally, to include data about a household, which GDPR does not, for example. CCPA also requires companies to disclose details of how they sell personal data and allow consumers to opt out of any sales, using a broad definition of “sell” that includes trading data for anything of value.
Mary Stone Ross, a lawyer and former CIA analyst who coauthored the initiative that led to CCPA, says it was partly inspired by research on use of in-store tracking by retailers. “It was very clear that in order for the CCPA to be effective, it had to cover all collection of all information, not just online collection,” she says.