January 13, 2020

An Overview from Startpage: GDPR & CCPA

What do we need to know about the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)?

Remember back in 2018, when your inbox was under an avalanche of privacy policy updates? If you live in California, you’ve probably noticed a similar surge as we carry on into 2020. All these updates are companies scrambling to get their privacy policies in order in response to two important pieces of legislation—GDPR and CCPA—both of which seek to give some control back to the public when it comes to the personal data that is collected about them.

While not a panacea, in the era of mass data collection, mass surveillance, and surveillance capitalism (https://news.harvard.edu/gazette/story/2019/03/harvard-professor-says-surveillance-capitalism-is-undermining-democracy/), such protections are signs of rising awareness and much needed protective action. “The use of personal information has continued to evolve in ways that many consumers find increasingly offensive, as the drive to track us across all our devices, all the time, continues to be the focus for many businesses,” says Alastair Mactaggart, founder of Californians for Consumer Privacy (https://www.caprivacy.org/).

One company you did not hear from, though, was Startpage. We have been offering world-class Google search results with our privacy policy and process that does not save your searches or your personal information since we launched back in 2006. We’re proud to say we didn’t have to update our terms and conditions, because, well, we’ve been compliant and protecting your privacy since Day 1 (https://www.startpage.com/en/about-us.html). Long before this legislation was ever proposed.

In the remainder of this post, we’ll take a look at what the legislation is trying to accomplish and highlight some of Startpage’s key privacy features. It’s noteworthy to share that we believe that this is only the beginning a huge wave of new legislation, which we plan to help keep our privacy-minded users up-to-date on.

First up! What is GDPR?

The European General Data Protection Regulation—better known as GDPR—went into effect in May of 2018. It is a sweeping set of laws outlining the digital rights of EU citizens (https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en) as it pertains to their personal information; it is some of the most robust in the world.

It aims to give EU citizens more control over their personal data by requiring companies handling that data to be much more transparent about how they do so.

GDPR defines personal information broadly: it covers information that can be used to identify an individual either directly or indirectly, and includes not only name, credit card number, email address, IP address, mailing address, biometric data such as facial scans, and the like, but information about a person’s health status, and even one’s ethnic origin, political opinions or sexual orientation.

Companies that handle personal information are now bound by much stricter regulations as to what they can collect, how they can collect it, and are required to be much more transparent with end users. For example, companies are required to provide a mechanism to allow users to discover what personal information about them is being stored, to request that they stop processing it, or that under certain conditions they take it down altogether—the so-called, “right to be forgotten.”

Firms found in violation of the terms set forth in GDPR are subject to fines.

Download the extension?
Install Startpage's private search browser extension.

The new kid on the block: CCPA

In the U.S., by contrast, digital privacy regulation is entirely more piecemeal (and partial), with one set of laws covering health information (HIPAA, FERPA), another children’s online data (COPPA), and so on. There is not yet any overarching protection, though we are finally seeing signs of that changing at the state level.

The California Consumer Privacy Act goes into effect on January 1, 2020. It shares many of the aims of GDPR, and additionally grants the right for California residents to request the companies that handle their personal data to delete and refrain from selling it. It applies to companies with $25M and up in sales—so its sights are set on Big Tech companies based in Silicon Valley, though other types of businesses will also be affected (https://www.vice.com/en_us/article/epgdwe/why-a-steak-in-california-comes-with-a-privacy-notice).

CCPA is much more of a work in progress than GDPR, though, as what constitutes compliance and how it will be enforced are very much up matters for debate (https://www.nytimes.com/2019/12/29/technology/california-privacy-law.html). Some companies, for instance, will offer all CCPA-style protections to all U.S. users, while others have said they will cancel your account should you choose to exercise your rights under CCPA.

Even if you are not a California resident, companies may extend their new transparency measures to all users, and other states are already debating putting similar measures on the books.

Things are starting to change. According to Chris Hoofnagle, adjunct professor at the University of California, Berkeley, School of Law, “There’s a moment of confrontation here where the industry is being forced to reckon with the idea that when you take data about people and send it to 30 different advertising companies who then give you money, that’s a data sale … No more ‘sharing’ data with ‘partners,’ and so on.” (https://www.consumerreports.org/privacy/california-privacy-law-ccpa-california-consumer-privacy-act/)

So while we’re a long way from true digital privacy across the board, this nonetheless constitutes important progress in the fight against gross corporate overreach when it comes to your personal information and your privacy.

Startpage’s thoughts on data privacy legislation at large.

If we’re ever to collectively gain back our privacy amidst the pervasive climate of surveillance capitalism, this type of legislation is absolutely crucial. We should all be rooting for it to succeed and to change the conversation on the widest scale.

Luckily, while politicians and tech giants are deciding the fate of the public’s right to privacy, you can continue to rely on Startpage to never collect or share information that can be used to identify you.

With Startpage, unlike other search engines, your data remains your data. We store no IP addresses, no personal user data, no tracking cookies—nothing relating to you or your searches. We just added a profile-free News feature (https://www.startpage.com/blog/product-updates/launching-unprofiled-startpage-news-tab/) and are looking to add more features in 2020 (https://www.startpage.com/blog/product-updates/a-penny-for-your-thoughts/).

Our Anonymous View feature extends privacy protections beyond your search data, shielding you from cookies, fingerprinting, social media trackers, and more (https://www.startpage.com/en/search/proxy-help.html). We started the movement towards private search when we were founded back in 2006, and since that time have been the world’s most private search engine. We refuse to compromise.

We’re HQ’d in the Netherlands, ensuring all of our users worldwide are protected by stringent Dutch and EU privacy laws, including GDPR, of course.

Start with Startpage, the world’s most private search engine, and make your search data privacy something you no longer have to worry about.

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default