The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of.
1. Effective date
The law is slated to go into effect on January 1, 2020. However, the California State Governing body has the choice of offering alterations to alter the law between now and its effective date, and alterations are predictable. Additionally, the California Attorney General is specifically authorized to adopt regulations to further the ruling’s purpose. So when assessing your duties and working toward obedience, keep in mind that the specific outlines of the law are subject to change, and as yet unwritten regulations will shed further light on how the law will be applied and forced.
2. Overall approach
Similar to the General Data Protection Regulation (GDPR) that recently went into effect in the European Union, the CCPA begins from the starting point of data privacy as a fundamental right (rather than, in most cases in U.S. law, as a sense of balance between consumer and business interests. A rights-based method to data privacy not only surrounds the content of the law, but can also affect its interpretation, potentially leaning in favour of protecting the individual even in the face of otherwise reasonable company actions.
The CCPA does not apply to all private objects. In only applies to an entity doing business in California that either (1) has annual gross revenues above $25 million, (2) annually buys, receives, sells, or shares the personal information of 50,000 or more California residents, households, or devices, or (3) derives 50% or more of its annual revenue from selling personal information of California residents.
4. Unique obligations
Similar to the GDPR, but unique in U.S. law, the CCPA make available for the following individual data privacy rights:
1. The right to identify the purpose of data collection and what types of personal data are being collected before the collection takes place.
2. The right to object a company’s sale of a consumer’s personal information.
3. The right for additional information about the personal information being collected.
4. The right to have one’s personal information deleted.
5. The right to know whether one’s personal information is disclosed to third parties (and to know which third parties information is disclosed to).
6. The right to not be discriminated against in terms of the price of a company’s services in the event an individual chooses to exercise his or her privacy rights.
The CCPA confers enforcement authority in the California Attorney General, which can force a fine of $2,500 per negligent violation (violations go beyond data breaches and include not complying with an individual’s data privacy rights), and $7,500 per intentional violation, and also delivers a limited private right of action to individuals for data breaches (which can include actual damages or set damages of up to $750 per consumer per incident).
In sum, the passage of the CCPA is a seismic event in U.S. data privacy law. While the scope of the law might change between now and its effective date, the future of U.S. data privacy law seems clearly to be trending in the direction of a more expansive, rights-based approach to privacy. Those companies that have already done of the work of being GDPR compliant are a step ahead; the CCPA proposes that many other companies will have to follow suit.
Note:- We try our level best to avoid any kind of abusive content posted by users. Kindly report to us if you notice any, [email protected]