By Timothy Long and Kristopher Peerali
The recently-enacted California Consumer Privacy Act of 2018 (the Act or CCPA) is a game-changer for many reasons. For a California-based company or one that handles personal information of California citizens, the CCPA will greatly impact many core business operations. The Act imports European General Data Protection Regulation (GDPR)-style rights regarding data ownership, transparency, and control.1 It also contains features that are new to the American privacy landscape, including "pay-for-privacy" (i.e., financial incentives for the collection, sale, and even deletion of personal information) and "anti-discrimination" (i.e., a prohibition against using different pricing or service-levels for consumers who exercise privacy rights, unless such differentials are "reasonably related to the value provided to the consumer of the consumer’s data").2 Needless to say, practitioners will have their hands full grappling with the CCPA. This article provides an overview of key provisions of the CCPA, efforts underway to clarify issues not addressed by the CCPA, and practical tips and considerations for practitioners.
Background (Why the CCPA was enacted)