As a result of a new privacy law in California, many businesses have reduced the amount of data that they collect:
Last year, a major U.S. airline went looking for all the things it knew about its passengers. Among the details it had gathered, the company found, were consumers’ food preferences—information that seems innocuous but that could also reveal a passenger’s religious beliefs if they select a kosher or halal meal. So the airline decided to stop saving the food-preference information, according to Integris, the data privacy startup that helped the airline review its data practices. (Integris declined to name its client.)
Instead, the airline will ask passengers what they’d like to eat before every flight.
Recently, treasure hunts like this one have been taking place across industries and all around the country. Companies are mapping the data that they own, and some, like the airline, are proactively scrubbing sensitive information to avoid trouble.
When companies cut back on hoarding sensitive data, consumers win. Less of their private information is susceptible to data breaches and leaks, viewable by unscrupulous company insiders, or available to be sold to data brokers or advertisers.
This is a surprising turn: Data about consumers can be wildly lucrative—it fuels a $100 billion-plus digital-advertising industry, among other things—and companies generally like to gather as much of it as they can. But something changed this year. A new state law, the California Consumer Privacy Act, or CCPA, has turned data from an unadulterated asset into a potential liability.
The CCPA, in effect since Jan. 1, grants several new digital rights to Californians. They can now ask companies for a copy of the information the firms know about them, limit how that data is shared or sold, and demand that it’s deleted altogether.
Businesses also have to disclose new details about the personal information they gather and who they share it with.
Many companies have been setting up new tools to allow Californians to exercise these new rights, and some, such as Microsoft, have extended them to all their customers. But the law has had a second-order effect, too, that has an impact on almost every consumer: It has pushed some firms to slim down their troves of personal consumer data.
That’s because the CCPA’s new transparency requirements make it less attractive to hoover up everything there is to know about consumers. By gathering less, a company can avoid having to make damning disclosures about what kinds of data it keeps, and potentially turn privacy into a selling point.
Plus, companies can now get in legal trouble if they’re found to have not taken “reasonable” measures to safeguard particularly sensitive data such as Social Security numbers—a good reason to just get rid of that information if they don’t need it.
“That’s a huge incentive for companies not to collect those categories of information unless they absolutely need to,” says Ross, who co-authored the California ballot initiative that led to the CCPA.
This is an unalloyed good, because privacy is an unalloyed good.