On June 29, 2018, the State of California enacted the California Consumer Privacy Act of 2018 (the “Act”). The Act establishes the right of residents of California to:
- know what personal information is being collected about them;
- know whether their information is sold or disclosed and to whom;
- limit the sale of their personal information;
- access their information held by others; and
- obtain equal service and price, even if they exercise their privacy rights.
The Act will also allow consumers to have their data erased and will establish opt-in consent for persons under 16.
The Act, which is the first of its kind in the United States, was inspired by the recent European Union’s General Data Protection Regulation (GDPR) which became effective in May of 2018 and provides similar rights to EU citizens.
The Act applies to businesses doing business in California that collect personal information and satisfy one of these three requirements:
- have $25M+ in annual revenues,
- derive 50%+ of its revenues from selling consumer data, or
- annually buy, receive, sell or share for commercial purposes the personal information of 50,000 or more consumers.
The third prong threshold will ensnare even small retailers as a company with 137 unique transactions per day will be covered.
The Act allows enforcement by the Attorney General and will establish a Consumer Privacy Fund to support the purposes of the Act. The Act also provides a new private right of action for data breaches including a right to seek statutory damages of $100 to $750 per violation. Suit may be brought individually or as part of a class action.
A link to the new law may be found here.
No comments yet.