The California Consumer Privacy Act was supposed to help consumers who wanted to control the data they turned over to major tech companies. But so far, according to TechCrunch, companies are clinging to ways to keep data, and some of the startups that have sprung into existence to help companies comply with the law are failing, too.

• More invasive than the status quo: To comply with the law, some websites offer links to data portals, where California users can see what data has been collected and delete it. But many other companies have tried to hide these opt-out clauses. One Californian told TechCrunch that some companies were using “dark pattern” designs to trick users. 

• A majority of companies are out of compliance: A PwC study found that 40% of the nation’s biggest companies had a data portal for California users to access. Only a fraction of those companies had a data portal that users outside California -- where no privacy laws are yet on the books -- could access. 

• The other problem with data portals: Companies must ensure they’re verifying the identiy of any users that request to view their data to prevent fraudsters from accessing it. 

Startups have made services to help consumers and companies with data storage  

But even they may have a difficult road ahead. The startup Mine accidentally released sensitive data of two of its customers during a PR push. And to be able to help customers manage the data taken by outside companies, Mine has to gain access to their personal data, including customers’ email accounts. That’s what we call a digital Catch 22!  

The Verdict

Improved compliance is necessary, and it must arrive soon. In July, California will be able to begin enforcing its Consumer Privacy Act. And more states are expected to follow California’s lead in passing data collection laws.