Where the GDPR and CCPA go wrong
California's CCPA privacy act went into effect on January 1. The intent is to bring a European-style right to privacy, consent and transparency on the internet, and especial ad tech, to a country that has tended to treat this as a matter for the market even if consumers don't actually have a choice. Now they do, sort of. Unfortunately, the first result is confusion: vague drafting means a lot of companies say they're unsure how they're affected. It also seems to require that you put up a big button saying 'don't sell my data' even if you use, say, Google Analytics, which is not a great way to build an informed choice about privacy. More interesting, though: this is part of a trend for lots of jurisdictions to create their own rules for the internet, and they often want to apply those rules outside their own borders: CCPA covers data for anyone legally resident in California even when they're outside California - but how can a company tell if a user who's in New York when they use your product actually lives in LA? Ultimately, fragmented regulation means 1: cost, complexity and confusion (all of which favours incumbents over startups), and 2: a pressure towards running everything to meet the harshest possible rules (a lowest common denominator effect), wherever they are. And finally, the push-back on cross-site ad tracking that comes from things like CCPA and GDPR on one hand and Apple's clampdown on tracking on Safari on the iPhone on the other makes Google and Facebook's closed systems that much stronger.
If you think something is important but people older than you don't hold it in high regard, there's a reasonable chance that you're right and they're wrong. Status lags by a generation or more.