decentralized-id.github.io/_posts/government/usa/2020-12-04-california.md

131 lines
19 KiB
Markdown
Raw Normal View History

2023-06-09 21:50:56 -04:00
---
date: 2020-12-04
title: "California: SSI, Policy, Blockchain, and Vaccine Records"
description: Blockchain, Verifiable Credentials, Policy, Smart Healthcard Framework, and other information related to SSI in the state of California
excerpt: >
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
category: ["Government"]
tags: ["USA","CCPA","California","IAB","IAPP","CPRA","SMART Health Card","Covid 19","Trust Framework"]
permalink: government/usa/california
redirect_from:
- /government/usa/regulations/california/ccpa/
2023-06-10 00:08:21 -04:00
last_modified_at: 2023-06-10
2023-06-09 21:50:56 -04:00
---
* [VCs Policy Committeee (California) Participate in passing legislation to create a California Trust Framework!](https://iiw.idcommons.net/21B/_(California)_Verifiable_Credentials_Policy_Committeee_-_Come_learn_about_how_participate_in_passing_legislation_to_crete_a_California_Trust_Framework!) 2021-05-06 IIW, IDcommons Kaliya Young, Ally Medina [Slides](https://docs.google.com/presentation/d/1VyxmWan3qbxynxhKvw1CHhWZINiPRF9gjeqSCSDh1MY/edit?usp=sharing)
> discussed how the Blockchain Advocacy Coalitions sponsorship of [AB 2004](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB2004) pushed verifiable credentials into mainstream political discourse and how companies can help us shape public policy and government pilot programs of Verifiable Credential technology.
>
> We are planning on working with legislators to introduce a bill that creates a California Trust Framework and lays the groundwork for use of the technology in the public and private sector.
## Blockchain
* [California Legalizes Blockchain-based Vital Records](https://mobileidworld.com/california-legalizes-blockchain-based-vital-records-410031/) 2022-10-03 MobileDataWorld
> As [an abstract of the bill](https://trackbill.com/bill/california-senate-bill-786-county-birth-death-and-marriage-records-blockchain/2043852/) explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.”
* [California Moves Forward to Allow Vital Records to be Issued on Blockchain](https://www.coindesk.com/policy/2022/09/29/california-moves-forward-to-allow-vital-records-to-be-issued-on-blockchain/) Coindesk 2022-09-29
> [approved another on Wednesday](https://www.gov.ca.gov/2022/09/28/governor-newsom-issues-legislative-update-9-28-22/) that instructs county records offices to [allow for the use of blockchain technology](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202120220SB786) and verifiable credentials. The technology would be established in the distribution of birth, death and marriage records, allowing PDFs to be sent immediately rather than using a typical 10-day postal delivery. 2022-09-28
* [Soulbound Tokens, Trust Networks, and California's Big Test](https://wrenchinthegears.com/2022/05/28/soulbound-tokens-trust-networks-and-californias-big-test/) 2022-05-28 Wrenchinthegears
> California [SB1190](https://sd18.senate.ca.gov/news/342022-hertzberg-announces-new-blockchain-legislation-creating-%E2%80%9Ccalifornia-trust-framework%E2%80%9D) that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen
* [Crypto Regulatory Affairs: Governor of California Signs Blockchain Executive Order](https://www.elliptic.co/blog/crypto-regulatory-affairs-governor-of-california-signs-blockchain-executive-order) 2022-05-09 Elliptic
> On May 4th, California Governor Gavin Newsom signed into effect a [“Blockchain Executive Order”](https://www.gov.ca.gov/2022/05/04/governor-newsom-signs-blockchain-executive-order-to-spur-responsible-web3-innovation-grow-jobs-and-protect-consumers/)
>
> “[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”.
* [Blockchain in California](https://www.govops.ca.gov/wp-content/uploads/sites/11/2020/07/BWG-Final-Report-2020-July1.pdf) 2020-07
> Blockchain technology has captured the attention of individuals far beyond the circles of computer scientists and cryptocurrency enthusiasts that initially sparked its development. The themes of distributed authority, decentralized governance, self-sovereign identity, and data privacy appeal to those who favor reducing hierarchy and increasing personal agency. The field has evolved in recent years to explore applications in the public sector and in private enterprise where regulation is a consideration.
* [CAs 2020 Blockchain Legislative Roundup](https://blockadvocacy.medium.com/cas-2020-blockchain-legislative-roundup-89cdd3bad25c) 2020-10-30
> AB 2004 (Calderon, Whittier) marked the first time verifiable credentials saw legislative debate. The bill to allow the use of verifiable credentials for covid-19 test results and other medical records made it through both houses with bipartisan support. Due to state budget restraints, it was ultimately vetoed, however the concept gained significant legislative momentum quickly. We are actively working on our strategy for verifiable credentials policy next year.
## Vaccine Records
* [Welcome to the Digital Vaccine Record (DVR) portal](https://myvaccinerecord.cdph.ca.gov/)
> Get a digital copy of your vaccine record. Just enter a few details below to get a link to your COVID-19 Vaccine Record with a QR code or your California Immunization Record. Save it on your phone and use it as proof of vaccination wherever you go.
* [SMART Health Card Framework](https://vci.org/about#smart-health) 2022
* [California unveils system to provide digital COVID-19 vaccine records](https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records) 2021-06-18
> California has launched a COVID-19 vaccine verification system that provides digital replicas of the traditional wallet-size paper cards, in an effort that officials say will make it easier for residents to supply proof of inoculation if needed.
* [California Digital Vaccine Record based on VCs](https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0191.html) 2021-06-18 Heather Vescent
> To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide.
## Data Broker Registry
* [Data Broker Registry](https://oag.ca.gov/data-brokers) State of California Department of Justice
> [California law requires a data broker](http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1202), as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the [definition of a data broker](https://iapp.org/news/a/california-data-broker-registrations-who-made-the-list-on-jan-31/).
>
> You can search by the name of the data broker, or simply scroll through the list
## California Consumer Privacy Act (CCPA)
* [State of California Department of Justice - California Consumer Privacy Act (CCPA)](https://oag.ca.gov/privacy/ccpa) - Office of the Attorney General
> The [California Consumer Privacy Act of 2018 (CCPA)](http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including:
> - The right to know about the personal information a business collects about them and how it is used and shared;
> - The right to delete personal information collected from them (with some exceptions);
> - The right to opt-out of the sale of their personal information; and
> - The right to non-discrimination for exercising their CCPA rights.\
> Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
* [California Consumer Privacy Act of 2018](https://iapp.org/resources/article/california-consumer-privacy-act-of-2018/) (IAPP)
> The IAPP created this html version of the CCPA in order to provide a way to easily link to specific sections when referring to them in our articles. Please feel free to use the following method to do the same. To link to specific sections, links can be copied from the table of contents.
* [Our Input to the California Privacy Protection Agency (CPPA) Pre-Rulemaking Stakeholder Sessions](https://me2ba.org/our-input-to-the-california-privacy-protection-agency-cppa-pre-rulemaking-stakeholder-sessions/) 2022-05-18 Me2BA
> California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the states borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process.
* [Me2BA provides human-centered recommendations to the California Privacy Protection Agency](https://internetsafetylabs.org/blog/news-press/me2ba-provides-human-centered-recommendations-to-the-california-privacy-protection-agency/) 2021-11-10
> The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPAhas full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General
* [What is the California Consumer Privacy Act (CCPA)?](https://www.logicworks.com/blog/2019/03/what-is-the-ccpa/) 2019-03
> GDPR was implemented on May 25, 2018 to standardize the data protection law across all 28 European Union (EU) countries. It requires businesses to protect consumers personal data for transactions that occur within the EU and affects any US business that operates in the EU.\
> Unlike GDPR, CCPA only applies to businesses in the state of California, not the European Union. CCPA also focuses on selling personal information for profit, whereas GDPR focuses on data ownership and rights of deletion.\
> ![](https://i.imgur.com/7g4UdbA.png)
* [California Consumer Privacy Act](https://www.americanbar.org/groups/business_law/publications/committee_newsletters/bcl/2019/201902/fa_9/) 2019 American Bar Association
> It is obvious to even the most tech illiterate by now that regulations over data are becoming more onerous and intrusive against what was more of a wild west type scenario in the early days of data sharing. The latest proof of this is in the newly enacted General Data Protection Regulation (GDPR) in the European Union effective on May 25, 2018 (it happens to be my birthday), and in the shadow of the pending U.S. Encrypt Act, and the most recent states effort to tighten the data screws for which the poster child currently is Californias new regulation, California Consumer Privacy Act (CCPA) that sets the bar higher than ever before for U.S. companies regarding data privacy regulation. If the bill comes into law in its present form, which this author believes it will not, then companies doing business in the U.S. will require almost the same data privacy controls and capabilities that multinationals need to do business in the European Union require today with some rather ideological exceptions. As always, “failure to protect the data” signals the same need GDPR has for end-to-end encryption, portability, conformity, and data residency.
### CCPA Resources
* [California Consumer Privacy Act Info](https://ccpa-info.com/)
> Section headings have been added for convenience and are not a part of the official text. The statute reflects amendments passed in 2019. A summary of those amendments can be found on the Amendments page.
* [A quick reference guide for CCPA compliance](https://www2.deloitte.com/us/en/pages/advisory/articles/ccpa-compliance-readiness.html) 2019-05-29 Deloitte
> The California Consumer Privacy Act (CCPA) goes into effect January 1, 2020. Is your organization prepared? Discover how the General Data Protection Regulation (GDPR) has paved the way for CCPA compliance initiatives.
> ![](https://i.imgur.com/tGeU9PO.png)
* [DigitalAdvertisingAlliance Business Resources for California Consumer Privacy Act (CCPA)](https://digitaladvertisingalliance.org/ccparesources)
* [Privacy Rights Icon Creative Guidelines](https://digitaladvertisingalliance.org/DAA_style/ADS/Privacy_Rights_Icon_Creative_Guidelines.pdf)
* [Participate in the CCPA Opt Out Tool for Web and Mobile Web (California)](https://digitaladvertisingalliance.org/integrate-webchoices-ccpa)
* [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_Opt_Out_Tool_Technical_Description.pdf)
* [Participate in the CCPA Opt Out Tool for Apps (AppChoices)](https://digitaladvertisingalliance.org/integrate-appchoices)
* [Technical Description](https://digitaladvertisingalliance.org/DAA_style/ADS/AppChoices_CCPA_Opt_Out_User_Flow_Technical_Description.pdf)
* Frequently Asked Questions
- [Publishers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Publishers.pdf)
- [Brands & Advertisers](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Advertisers.pdf)
- [Agencies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_Agencies.pdf)
- [AdTech Companies](https://digitaladvertisingalliance.org/DAA_style/ADS/CCPA_FAQ_AdTech.pdf)
### IAB
* [IAB Releases the IAB CCPA Compliance Framework for Publishers & Technology Companies and the Limited Service Provider Agreement](https://www.iab.com/blog/ccpa-compliance-framework/)
> In an ongoing effort to promote the principles of transparency, accountability, and choice that are the basis of the California Consumer Privacy Act, today we are releasing version 1.0 of the IAB CCPA Compliance Framework for Publishers & Technology Companies, as well as the accompanying Limited Services Provider Agreement. The release of these two documents accompanies the IAB Tech Labs release of version 1 of the technical specifications of CCPA-related signals earlier this month.
* [IAB CCPA Compliance Framework for Publishers & Technology Companies](https://www.iab.com/guidelines/ccpa-framework/)
> The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. In many ways, the CCPA is a first of its kind law in the United States: an omnibus statute that seeks to create broad privacy and data protection rules that apply to all industries doing business in one jurisdiction, California, rather than focusing on a single sector or specific data collection and use practices. The CCPA was created in response to changing public perceptions. Users, rightfully, want to understand and have the option to exercise control over their own data.
* [Integration with IAB CCPA Framework Technical Specifications](https://support.google.com/authorizedbuyers/answer/9658888?hl=en)
> Google is not currently a signatory to the IAB Privacys Limited Service Provider Contract. We have however integrated with the IAB CCPA Framework v1.0 Technical Specifications in Authorized Buyers as detailed below.
* [InteractiveAdvertisingBureau/USPrivacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy)
> The IAB CCPA Compliance Framework is comprised of policy and technical work to support CCPA compliance. These documents are the work product of the IAB Tech Labs CCPA/U.S. Privacy Technical Working Group. Policy requirements were developed by a legal affairs group at IAB in the US. The technical specifications documents refer to the guidance within IAB CCPA Compliance Framework Policies.\
> [...]\
> Relevant Specification Documents
> - [US Privacy String](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md)
> - [USP API](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/USP%20API.md)
> - [OpenRTB Extension for US Privacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/OpenRTB%20Extension%20for%20USPrivacy.md)
> - [Data Deletion Request Handling](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/Data%20Deletion%20Request%20Handling.md)
> - [CCPA reference implementation](https://github.com/InteractiveAdvertisingBureau/CCPA-reference-code)
## CPRA
* [The California Privacy Rights Act of 2020](https://oag.ca.gov/system/files/initiatives/pdfs/19-0021A1%20%28Consumer%20Privacy%20-%20Version%203%29_1.pdf)
* [California Privacy Rights and Enforcement Act is passed by voter ballot](https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html) - PwC
> CPRA builds upon the California Consumer Privacy Act of 2018 (CCPA) to strengthen consumers privacy rights.\
> [...]\
> California consumers have new rights:
> - to correct their personal data
> - opt out of proximate geolocation tracking
> - browse without pop-ups\
> Companies must:
> - minimize their retention of Californians personal data
> - further restrict collection and use of sensitive personal data
> - provide consumers greater transparency around “profiling” and “automated decision-making”
> - regularly assess high-risk data processors\
> [...]\
> **CPRA applies to personal information collected after January 1, 2022, and comes in force on January 1, 2023**.