Report: Facebook claims it doesn’t need to make policy changes under new California privacy law

The company says its third-party data collection doesn’t constitute “sales.”

SOPA Images/LightRocket/Getty Images
Originally Published: 

The California Consumer Privacy Act (CCPA) will take effect on January 1st. Facebook says it doesn’t plan to make any changes to comply with the new law.

Policing your information — The law centers on routine data transfers that allow big tech companies to sell user data to third parties. Rather than this data being readily available for sale, California will force websites with third-party trackers to allow users to opt out. These sites will need to add a button to their home page that reads “Do Not Sell My Personal Information.”

Facebook says it’s ready for this — Facebook recently stated that it doesn’t need to make any changes to its policies because it already complies with the new law, according to the WSJ. The company continues to push the idea that “sales” are completely controlled by third parties — therefore Facebook itself is not selling anything.

“Businesses already have the ability to manage whether they send data and how they send data to Facebook,” a spokeswoman from the company said in a statement.

Google sings a different tune — Alphabet Inc., on the other hand, is enforcing new protocols that force-stop sites from selling data if users have opted out. In direct contrast to Facebook’s response to the imminent law, a Google spokeswoman said the company’s new protocols are meant to “help [advertisers] as they work to comply” with the CCPA.

On the hunt for loopholes — Because the CCPA could curtail a portion of its revenue, Facebook is hoping to find upsides in the initial confusion caused by the new law. “With any big privacy regime, there’s a period of confusion, mistake, and opportunism,” said Chris Hoofnagle, an adjunct professor at the University of California, Berkely, School of Law. “And CCPA invites some opportunism because companies know they can’t be sued for any breach of privacy rules.”

This article was originally published on