According to AdAge, “every brand, agency and tech company under the sun will be impacted.” The law applies to businesses who collect, use, or share personal information of California residents, including residents who are temporarily outside California for purposes of travel.
On the heels of the EU’s General Data Protection Regulation (GDPR) in late May 2018, America’s most populous state passed a new consumer privacy law which goes into effect in January 2020.
California passed the toughest online privacy legislation in the U.S. on June 29, 2018, California Consumer Privacy Act of 2018 (“CCPA”).
Related: “But What Does GDPR Mean For Me?” (The Travel Vertical, May 23, 2018).
BILL SUMMARY:
- Right to know all data collected by a business on you (twice annually free of charge).
- Right to say no to the sale of your information.
- Right to delete your data.
- Right to be informed of what categories of data will be collected about you prior to its collection, and to be informed of any changes to this collection.
- Mandated opt-in before sale of children’s information (under the age of 16).
- Right to know the categories of third parties with whom your data is shared.
- Right to know the categories of sources of information from whom your data was acquired.
- Right to know the business or commercial purpose of collecting your information.
- Enforcement by the Attorney General.
- Private right of action regarding data breaches only.
Is California just the beginning? Read more here.