News & Insights

Home » News & Insights » What will California’s new data privacy law mean for US businesses?

What will California’s new data privacy law mean for US businesses?

Guzov's Legal News and Publications, Legal Developments

As we discussed a few weeks ago with California’s new labor law affecting independent contractors, changes to the law in the Golden State can have national repercussions. Careful observers will be aware that the European Union has pioneered regulation of large tech companies in the last few years, especially around the “right to be forgotten” and other matters of data privacy. On Friday, California took a major step toward bringing recent European jurisprudence regarding tech to the United States with a new law, the California Consumer Privacy Act (CCPA), which will come into effect January 1, 2020. The law will give California users and customers the right to see and control all data collected by firms they interact with online–including the right to have that data deleted or not sold to third parties.

Although the law was primarily written with Google and Facebook in mind due to their heavy use of user data for the targeted advertising side of their business, an estimated 500,000 US firms will be impacted by the new law. That’s because all firms with more than $25 million in gross annual revenues that “collect or process” data on California residents will have to comply with the law, even if they lack a physical presence in the state. Alternatively, firms that use data from more than 50,000 Californians or derive more than half of revenues in California are also subject to the law. Surveys of US privacy professionals indicate that compliance costs could balloon with new law–in the hundreds of thousands or even millions of dollars–something that won’t be a problem for tech giants or other big businesses but that small and medium-sized businesses could struggle with. [1]

The many firms set to be affected by the new law will no doubt scramble to get ready as implementation looms. However, it seems likely that the burdens of compliance will result in disputes and litigation over the fines regulators will begin applying in January.

[1] Murphy, H. (September 2019) Californian privacy law looms large for 500,000 US companies from FT Accessed September 30 2019

Recent Posts

Impact of Shorter COVID-19 Quarantine on Workplaces

On Monday, the CDC announced changes to its recommended isolation and quarantine time from 10 days to 5 days for asymptomatic people with COVID-19. They recommend that people leaving isolation after 5 days continue to wear a mask for the following 5 days. The CDC also...

Restaurants Sue Over Vaccine Mandate

Restaurant operators sued Mayor Bill de Blasio and New York City over Key to NYC, the new indoor vaccine mandate program, on August 17-the same day the mandate went into effect. A group of restaurants in Staten Island, through the Independent Restaurant Owners...

Financial Regulators’ New Target: Social Media Influencers and SPACs

The Financial Industry Regulatory Authority (“FINRA”) will conduct three new regulatory sweeps in an effort to combat various activities causing extreme fluctuations in the financial markets. FINRA has chosen to target special purpose acquisition companies (“SPACs”),...

Does WARN Apply to Virus Closures?

Enterprise, in Benson et al. v. Enterprise Leasing Co. of Florida LLC et al., has tried to argue that the Worker Adjustment and Retraining Notification Act (“WARN”), through its natural disaster exception, does not apply to closures caused by COVID-19. Two Florida...