The start of a new year often brings changes, and for enterprise security teams when the calendar rolled over to 2020 it brought with it the beginning of the CCPA era. The new California Consumer Privacy Act went into effect on Jan. 1, requiring businesses to be clear about the data they collect on consumers and offer simple mechanisms for them to opt out of collection, among other things.
CCPA has a broad definition of personal information, which includes basically anything that can be connected directly or indirectly to a specific person or even a household. That data includes things such as names, home addresses, Social Security numbers, email addresses, IP addresses, driver’s license numbers, and other identifiers. The law requires companies to make it simple for consumers to refuse the sale of their data and allow people to request access to whatever data a business has collected on them.
In order to comply with the requirements of CCPA, which applies to many companies that do business in California, enterprises are making changes to their data collection and retention policies. One of the companies making changes is Mozilla, which will soon allow individuals to request that Mozilla delete all of the telemetry data it has collected about their Firefox sessions. In the next version of Firefox, due for release on Tuesday, Mozilla will provide a simple mechanism in the browser to ask the company to delete all past data it has collected on their browsing.
"We don’t think people should have to choose between the technology they love and their privacy."
Telemetry data is not the same as personal data and generally just includes information about the browser’s performance, any crashes or other anomalies, and how long a person’s browsing session was. Most browsers collect some kind of telemetry data, as do many other applications, including security tools. Mozilla has decided that with the advent of CCPA, now is the time to give people the opportunity to have their data erased.
“We don’t collect telemetry in private browsing mode and we’ve always given people easy options to disable telemetry in Firefox. And because we’ve long believed that data should not be stored forever, we have strict limits on how long we keep telemetry data,” said Alan Davidson, vice president of global policy, trust, and security at Mozilla.
“We’ve decided to go the extra mile and expand user deletion rights to include deleting this telemetry data stored in our systems. To date, the industry has not typically considered telemetry data “personal data” because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.”
The change applies to all Firefox users, not just those living in California. Davidson said the move is part of Mozilla’s effort to make privacy easier and more accessible for its users.
“For Firefox, privacy is not optional. We don’t think people should have to choose between the technology they love and their privacy. We think you should have both. That’s why we are taking these steps to bring additional protection to all our users under CCPA,” he said.