• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

California Approves the California Consumer Privacy Act in Response to Consumer Privacy Ballot Initiative

July 2, 2018 By David Caplan

As discussed in this blog’s June 4, 2018 blog post, a group called Californians for Consumer Privacy gathered enough signatures for a new measure called the Consumer Right to Privacy Act to qualify for the November 2018 ballot.  With momentum building for passage of that ballot measure, various stakeholders met with California legislators to devise a bill that could be passed in place of the measure (and to the satisfaction of the measure’s backers).  The legislature and governor had until last Thursday, June 28 – the deadline for the measure’s backers to remove it from the November’s ballot – and meeting that deadline passed The California Consumer Privacy Act of 2018 (CCPA). 

The CCPA represents a significant expansion of consumer privacy regulation in the United States. As in the proposed ballot measure, the CCPA sets forth a statutory framework that: 1) gives California consumers the right to know what categories of personal information a business has collected about them; 2) gives California consumers the right to know whether a business has sold or disclosed their personal information and to whom; 3) requires businesses to stop selling a Californian’s personal information upon request; 4) gives California consumers the right to access their personal information; 5) prevents businesses from denying equal service and price if a consumer exercises the above rights; 6) provides California consumers with a private right of action.

But the CCPA goes beyond the scope of the original ballot initiative and, in so doing, moves significantly closer to imposing GDPR-style requirements on businesses that possess or control personal information regarding residents of California.  The statute establishes a new right of access, which requires businesses to disclose on request the personal information held about the requesting consumer.  If the response is in electronic format, then the information must be in a portable format, echoing the GDPR’s new right to data portability.  The law also creates a new right to deletion of personal information, which roughly aligns with the European Union’s right to be forgotten.

The CCPA becomes effective on January 1, 2020.  Notably, because the CCPA was rushed through the legislature to meet the above mentioned deadline, it will more likely be subject to amendments and other changes before going into effect. 

This post is based on our initial review of the new law.  We will follow with a more detailed assessment of the impacts on business in subsequent postings.

Filed Under: Ballot Initiatives, California, Legislation, Online Privacy, Privacy, Privacy Policy Tagged With: California Consumer Privacy Act (CCPA)

About David Caplan

David Caplan is an associate in Alston & Bird’s Technology Group and Privacy & Data Security Team with experience in intellectual property litigation.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules
  • The GDPR Reaches the US Supreme Court in Cert Petition
  • Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing
  • NYDFS Reports Major Cybersecurity Settlement
  • Virginia Becomes First State with Comprehensive Privacy Law after CCPA
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.