California Consumer Privacy Act: What You Need to Know

The California Consumer Privacy Act, A.B. 375 was passed by the California state legislature earlier this summer in response, partly, to the active lobbying efforts of Californians for Consumer Privacy.

The new law is scheduled to take effect at the beginning of 2020 and shares many similarities with its continental counterpart – Europe’s General Data Protection Regulation.

What do you need to know?

1. Like GDPR, the law includes a broad definition of “personal information”.   We expect that regulatory agencies and governing bodies in the US will continue to adopt a GDPR-like approach to personal information – classifying device identifiers and certain data points (like IP address) as personal information.
2. The law gives California residents an arsenal of new rights to control how personal data companies collect and use their personal data – including rights of deletion and access.
3. The law has reinvigorated a healthy debate about federal privacy legislation as companies contend with the challenges of enforcing privacy regulation at the state level.
4. While the law is slated to take effect in 2020, strong lobbying efforts by the tech industry have many speculating that the legislation will not endure in its current form.  In fact, several amendments are already on the table for legislative review.

We will keep you advised of any significant changes to the statute.  

Published September 11, 2018
Written by Tiffany Morris, Lotame’s General Counsel and VP of Global Privacy