What we’ve learned from California’s Consumer Privacy Act so far
In June 2018, California passed a major consumer privacy law called the California Consumer Privacy Act (CCPA). CCPA was the first comprehensive consumer privacy law passed in the United States. It gives consumers several important new rights, including the right to know more about a company’s privacy practices, a right to see, delete, and download the personal information stored about them, restrictions on a company’s right to sell their personal information, restrictions on discrimination against consumers for exercising their privacy rights, and the right to sue companies for certain types of data breaches.
Though CCPA went into force Jan.1, some of the law’s implications are already becoming clear.
First, privacy is not cheap. CCPA delegates rule-making authority (as well as enforcement) to the California Department of Justice. As part of the rule-making process, the California DOJ must estimate the compliance costs of its proposed rules. The DOJ also retained a private economics consultancy, Berkeley Economic Advising and Research (BEAR), LLC, to prepare a “Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations.”