The California Consumer Privacy Act (“CCPA”) of 2018 went into effect on January 1st, 2020 changing the entire landscape in the United States and above. It is the first U.S. privacy regulation that impacts all industries and although California is the first state globally regulating the subject, other states are following in California’s footsteps and this year should be rhythmed by the promulgation of several privacy state laws[1] potentially leading to a federal preemption (already in discussion[2]).
Inspired by the European regulations[3], the CCPA is however different and broader in some regards, consequently, national and international businesses – doing business in California or collecting California resident’s information – complying with the already strict GDPR may still have to update their privacy policies and configure systems in order to meet consumers requests for disclosure, delivery and/or deletion, to conform with the CCPA requirements and avoid penalties.
Is my business covered?
The scope of the California act is staggering, with extremely broad definitions for “businesses” covered, as well as “personal information” and “consumers”, it leaves very slim chances of not being affected. Therefore, if you collect – online or physically – and/or sale any type of users or consumers information you are probably covered by the CCPA, whether your offering is exclusively Business to Consumer or Business to Business.
What if I don’t comply?
Although the California Attorney General will not bring enforcement actions prior to July 1st, 2020, consumers can already enforce the regulation through a private right of action – individually or as a class – and non-compliant businesses risks severe monetary penalties in the form of statutory or actual damages. The attorney General can seek up to $7500 per violation and consumers can recover up to $750 per consumer, per incident (whichever is greater). The addition of violations / plaintiffs could put a business at risks.
To know if your business is covered and what are the preventative measures to take to avoid sanctions, contact us today for a first free consultation and quote.
An article by our Service Provider Member, Olfa B’Chir and Paul Menes, Head of Entertainment Department and Media Practice
ADLI Law Group
(213) 537-1240
[1] Illinois, Texas, Oregon, New Hampshire, Washington, New York, Connecticut, Maine.
[2] In November 2019, two proposals were released in the Senate: The Consumer Online Privacy Rights Act (COPRA), sponsored by Senate Democrats, and the United States Consumer Data Privacy Act of 2019 (CDPA), proposed by Senate Republicans
[3] The General Data Protection Regulation 2016/679 (“GDPR”)