I want to update everyone on a blog post from June; in case you missed it or just want to catch up, you can find it here.

On June 28, 2018, California Governor Jerry Brown signed into law the California Consumer Privacy Act of 2018. This law will go into effect in 2020. What does this act do?

“The Act (the full text of which is available here) gives consumers (defined as natural persons who are California residents) four basic rights in relation to their personal information:

1. The right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold;

2. The right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent there, or their parent’s, opt-in);

3. The right to have a business delete their personal information, with some exceptions; and

4. The right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.”

Source: https://privacylaw.proskauer.com/2018/07/articles/data-privacy-laws/the-california-consumer-privacy-act-of-2018/

Who has to follow this new act?

It affects any “for-profit businesses that collect and control California residents’ personal information, do business in the State of California, and: (a) have annual gross revenues in excess of $25 million; or (b) receive or disclose the personal information of 50,000 or more California residents, households or devices on an annual basis; or (c) derive 50% or more of their annual revenues from selling California residents’ personal information.”

Source: https://privacylaw.proskauer.com/2018/07/articles/data-privacy-laws/the-california-consumer-privacy-act-of-2018/

The fines that accompany this act are hefty; the civil penalty for any business that intentionally violates this can be upwards of $7,500 per violation, with statutory damages of $100-$750 per California resident per incident.

How does this affect everyone not in California?

For one, this is setting a precedent for changes to privacy laws across this U.S. More so, it affects companies not only within California but outside of California as well, since they must now comply with California law if they do business with California residents. Websites and large data providers will need to update data collection procedures. Those of us working in media who use third-party data segments will need to be extra cautious with the data we are using, so that we are compliant as well.