CCPA: The New GDPR Law in California

In June 2018, we told you about the European Union law that went into effect in May. Known as the General Data Protection Regulation (GDPR), it impacts not only businesses in the EU, but also those around the world that gather personal data from EU residents.

The intent of the law is to protect the private data of EU citizens by giving them more control over it.  GDPR also makes privacy the default position for businesses that collect this type of data.  They must protect it or violators will be forced to pay up to four percent of their annual global revenue.

For online marketers, GDPR means that companies must have a lawful reason for collecting data and can no longer hide consent language.

GDPR in California

With the passage of GDPR and recent data breaches at Wells Fargo and Cambridge Analytica, the State of California passed the California Consumer Privacy Act (CCPA).  The goals of CCPA are similar to that of GDPR: Give citizens more control over their information.

Lexology.com describes the new law as one that will change, “the landscape of privacy laws and compliance for many years to come.”

CCPA Core Principles

SecurityInfoWatch.com reports that CCPA has three fundamental rights at its core:

  1. The right to know what personal information is being collected;
  2. The right to know what personal information is being sold and/or shared with third parties and who those third parties are;
  3. The right to opt-out, or request that their personal information no longer be sold.

Under the law, companies must make disclosures about the information they collect and how it will be used and must provide it when asked for it.  When a consumer wishes to opt out, a business is prohibited from discriminating against that individual or selling his or her personal information.

Interestingly, a company can offer a financial incentive for collecting personal information.

CCPA Penalties

Like GDPR, this new law will have penalties associated with it for companies that don’t comply, as well.  A business will pay $750 per consumer, per incident!  So if a breach involves the private data of 1 million people, a company would be fined $750 million!

The Wrap

For online marketers, the new law represents additional hurdles to collecting emails and contact information which is so important to their conversion processes.  When it goes into effect on January 1, 2020, CCPA will be one of the toughest data privacy laws in the country.  Just as GDPR has done, it will alter how businesses handle private information. 

With the rash of breaches in the last few years putting the personal information of millions of people at risk, it’s understandable why governments are moving to create protections.

If you have questions about digital marketing, call me at 513-237-5530.


Bob Turner is a Digital Marketing Consultant with RevLocal in Cincinnati, Ohio.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s