GDPR one year later: The challenges organizations still face Watch Now

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide.

The CCPA, known as America's toughest privacy legislation, came into effect on January 1, 2020, offering Californian users data-protection rules better suited to today's world of data collection.

Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it.

SEE: Digital transformation: A CXO's guide (ZDNet special report) | Download the report as a PDF (TechRepublic)

Consumers also have a right to know whether their data has been sold, the right to prevent its sale in future, the right to request data be deleted, and the ability to sue for violations of CCPA.

If a business processes data on 50,000 users in California, the company in question has to comply with the CCPA.

While the law technically only applies to data processed about residents in California, Microsoft has already announced that it will roll out CCPA rights to all its US users so they can control their data.

The Californian proposal wasn't popular among Silicon Valley tech giants, but Mozilla notes it was one of the few companies to endorse CCPA from the outset.

Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The move would seem to make business sense too, saving Mozilla from having to ship a California-only version of Firefox and another version for the rest of the world.

The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths.

"We've decided to go the extra mile and expand user deletion rights to include deleting this telemetry data stored in our systems," said Alan Davidson VP of global policy, trust and security at Mozilla.

SEE: Microsoft: We're creating a new Rust-like programming language for secure coding

"To date, the industry has not typically considered telemetry data 'personal data' because it isn't identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem."

The new control will ship in the next version of Firefox due out on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.