Data Privacy Law

AdobeStock_271540240-scaled-e1588957114666-300x198Data privacy has become one of the biggest concerns in the technology sector today. It is not just a matter of good customer service – today, technology companies are subject to a wide array of state, federal, and international laws. These laws govern the use of customer data and require safeguards to protect the privacy of user data. Companies that fail to meet their obligations under these laws can face large fines, administrative sanctions, and irreparable damage to their public image.  It is important for companies to work with an experienced business lawyer to protect user data at every stage of business operations.


The General Data Protection Regulation was adopted by the European Parliament on April 14, 2016. The GDPR is notable for being the most far-reaching data privacy law to be enacted. It protects data that is collected from any individual in the European Economic Area. The GDPR also applies to any business that collects data from any residents of the European Union. Because of this, your company can still be bound by its provisions, even if you conduct business here in California. The other reason California business owners should be familiar with the GDPR is that it served as a model for the California Consumer Privacy Act. The two regulations have many similar provisions.

California Consumer Privacy Act

The California Consumer Privacy Act was adopted on June 28, 2018. Like the GDPR, the CCPA is designed to protect the privacy of residents. California residents are granted the following specific privacy rights under the CCPA:

  1. To know what personal data is being collected about them.
  2. To know whether their personal data is being sold or disclosed (and if so, to whom).
  3. To decline the sale of their personal data.
  4. To access their own personal data.
  5. To request that a business delete any personal information about a consumer collected from that consumer.
  6. To not be discriminated against for exercising their privacy rights.

California Online Privacy Protection Act

The California Online Privacy Protection Act was enacted in 2004 and amended in 2013. It was the first law in the United States to require commercial websites to include a privacy policy. The Act also enacted stricter requirements for websites that collect personally identifiable information (such as a name, date of birth, social security number, telephone number, street address, or email address). This Act applies broadly to any website that can be accessed by California residents.


The 2013 amendments to the Act (which became effective on January 1, 2014) require additional disclosures under privacy policies. The website operator must disclose how it responds to “do not track” signals (or other prompts that give consumers a choice regarding the collection of personally identifiable data).

Questions about California Privacy Law? Call Structure Law Group Today

Businesses have many obligations under state, federal, and international privacy laws. Protect your business from liability by consulting with a California business lawyer as soon as possible. The experienced data privacy lawyers at Structure Law Group can help design a comprehensive privacy policy that will protect you and your business from liability. Call (408) 441-7500 or visit our website to schedule a consultation.