Data privacy has become one of the biggest concerns in the technology sector today. It is not just a matter of good customer service – today, technology companies are subject to a wide array of state, federal, and international laws. These laws govern the use of customer data and require safeguards to protect the privacy of user data. Companies that fail to meet their obligations under these laws can face large fines, administrative sanctions, and irreparable damage to their public image. It is important for companies to work with an experienced business lawyer to protect user data at every stage of business operations.
The General Data Protection Regulation was adopted by the European Parliament on April 14, 2016. The GDPR is notable for being the most far-reaching data privacy law to be enacted. It protects data that is collected from any individual in the European Economic Area. The GDPR also applies to any business that collects data from any residents of the European Union. Because of this, your company can still be bound by its provisions, even if you conduct business here in California. The other reason California business owners should be familiar with the GDPR is that it served as a model for the California Consumer Privacy Act. The two regulations have many similar provisions.
California Consumer Privacy Act
The California Consumer Privacy Act was adopted on June 28, 2018. Like the GDPR, the CCPA is designed to protect the privacy of residents. California residents are granted the following specific privacy rights under the CCPA:
- To know what personal data is being collected about them.
- To know whether their personal data is being sold or disclosed (and if so, to whom).
- To decline the sale of their personal data.
- To access their own personal data.
- To request that a business delete any personal information about a consumer collected from that consumer.
- To not be discriminated against for exercising their privacy rights.
California Online Privacy Protection Act
The 2013 amendments to the Act (which became effective on January 1, 2014) require additional disclosures under privacy policies. The website operator must disclose how it responds to “do not track” signals (or other prompts that give consumers a choice regarding the collection of personally identifiable data).
Questions about California Privacy Law? Call Structure Law Group Today