California’s newly enacted Consumer Privacy Act of 2018 is the strictest of the US’s patchwork of privacy related regulations. The Act will impact any legal entity that (i) does business in California, (ii) is operated for the profit or financial benefit of its owners, (iii) collects consumers’ personal information and determines the purpose and means of processing such information, and (iv) satisfies at least one of the following three conditions:

  • Has an annual gross revenue of over $25 million
  • Alone or in combination, annually buys, receives, sells or shares for commercial purposes the personal information of 50,000 or more consumers, households or devices, or
  • Derives 50% or more of its annual revenues from selling consumers’ personal information

So while many are discussing this law as it relates to the Silicon Valley giants, its reach will extend far beyond  the big tech companies.  Our news alert on the topic discusses the key rights afforded to California consumers.

We will continue to monitor developments as the details of the law dubbed the “CA GDPR” are refined before it goes live in 2020.