GDPR California Style: The California Consumer Protection Act (CCPA)

A new California law, CCPA, was recently passed with the intent to protect the private information of its consumers.

Collecting Information

Collecting contact information on potential customers has become a standard practice by marketers in the internet era. It is a way to reach out to those who have shown interest and woo them to become buyers.

However, that practice could be greatly impacted by two new laws. 


Recent data breaches by Wells Fargo, Facebook/Cambridge Analytica and other corporations prompted the European Union (EU) to enact a law to protect the private information of its citizens. Known as General Data Protection Requirements (GDPR), the law went into effect in May 2018.

It’s goal is to make the protection of personal data the default position for companies that collect it.  Personal data includes items such as names, addresses, email addresses, phone numbers, credit card numbers, account logins and more.

GDPR will also punish businesses that don’t follow the proper steps to secure the private information they collect. Companies can be fined four percent of their annual global sales.  The law impacts any business that collects the data of EU citizens.


On June 28, 2018, California Governor Jerry Brown signed into law the California Consumer Protection Act (CCPA). In an era of political disharmony, this bill received unanimous approval by the entire legislature, both the State Assembly and Senate. The law goes into effect in 2020.

The aims of CCPA are similar to GDPR: Allow Californians to have more control over their private data. The law is based on ensuring three rights to consumers:

  1. To know what personal data is being collected;
  2. To know if their personal information is being sold or shared and to whom;
  3. To opt-out and not allow their personal information to be sold or shared.

CCPA Compliance

To comply with CCPA, companies will need to inform consumers about the data that was collected and how it will be used. Businesses must also provide this information to any person who asks for it. Companies must also allow people to opt-out, essentially denying a business the right to sell personal information.  When that happens, a firm may not discriminate against those individuals.

Non-compliance with this law could incur some hefty penalties. Companies will be fined $750.00 per consumer, per incident.  If a breach results in the data of 1 million people being exposed, the business responsible could pay $750 million!

The Downsides

While CCPA is the toughest privacy law in the United States right now, it is not as stringent as GDPR. It also has some loopholes. reports that technology companies have the ability to share data, even if a consumer does not allow them to sell it.  Oddly, CCPA will also allow businesses to charge higher prices to those consumers who refuse to let their data be sold.  It’s an interesting paradox for a consumer protection law.

The Wrap

The idea of privacy is gaining steam and even has the backing of some tech companies. Apple CEO Tim Cook told,  “We think privacy is a fundamental human right…people are not aware fully of how their data is being used, who has it and I think this needs to be addressed.”

CCPA will make it more difficult for companies to market themselves and woo new customers on the internet.  But protecting the personal information of consumers is the right thing to do, and it far outweighs any new hurdles.

If you have questions about online marketing, call me at 513-237-5530.

Bob Turner is a Digital Marketing Consultant with RevLocal in Cincinnati, Ohio.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at

Up ↑

%d bloggers like this: