It’s the second week of a new decade and there are already new regulatory changes that have major implications for corporate legal departments. On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect, requiring businesses to alter privacy policies to abide by new consumer regulations for 2020 and beyond. Piggybacking on Europe’s General Data Protection Regulation (GDPR), CCPA sets new rights and requirements for the distribution of California consumers’ personal information. Corporations across the country, and perhaps internationally as well, will be impacted by this new law.
Companies that adapted to GDPR, otherwise considered the new global standard for data privacy protection and undoubtedly the inspiration for CCPA, will inherently attempt to use similar protocols for CCPA compliance. Tech giants like Facebook and Google might come out unscathed using this method, because they have the means and resources to resolve issues as they arise. But other organizations that do not have the same budget may encounter a few hiccups at the outset because, while similar, the two laws have distinct differences.
What is CCPA and why is it significant?
The purpose of CCPA is to enhance privacy rights and consumer protection for the residents of California. It gives California residents the right to access their personal information, request that a business delete their personal information, and opt out of having their personal information disclosed or sold.
Furthermore, it opens the door for other states to pass similar legislation in the years to come, perhaps even at the federal level. Failing to put such procedures in place can cost a company more down the line in fines, so committing to meet these requirements now will save money in the long run. Businesses need to be prepared to respond and adhere to such regulations now and potentially in the future.
How does CCPA differ from GDPR?
CCPA applies to businesses with:
- 25 million in Revenue
- Or 50% of Revenue Comes from Selling PI
- Or Captures Data on 50K Residents
GDPR applies to organizations that are:
- Established in the EU
- Or Not Established and Offers Goods and Services to EU Residents
- Or Not Established and Monitors an Individual’s EU Behavior
Similar to GDPR, CCPA grants individuals the right to opt out of the disclosure and sale of their personal information. This means businesses are obligated to offer the opt-out option to users of their websites and mobile apps. However, CCPA does not provide all of the same consumer rights as GDPR. One of the most significant differences is that CCPA does not require a legal basis for processing personal data.
Who will be most impacted by CCPA and how does this apply to the legal industry?
The implementation of CCPA will create a new and complicated world for data privacy. The biggest question is who will be the most impacted by CCPA. And the question everyone is dying to know – how does it apply to the legal industry? We will cover this and more in our next blog in this three-part series. Stay tuned for the next blog!