On October 10, 2023, Governor Gavin Newsom signed the California Delete Act into law ¹. The act is an amendment to the existing California privacy laws, including the California Consumer Privacy Act (CCPA) ⁷. The new law will have a significant impact on companies’ privacy compliance obligations ³. It will create difficult compliance obligations for companies that are currently subject to California’s data broker registration law ³. The new law will not only increase the information that data brokers are required to provide as part of their annual registration, but it will also require them to implement technical mechanisms to honor deletion and opt-out requests made by consumers to all data brokers on the registry ³.
The California Consumer Privacy Act (CCPA) was signed into law in June 2018. It provides California residents with a set of European-style data rights and California businesses with obligations pertaining to how they collect, use, or disclose Californians’ data ⁷. The CCPA requires businesses to specify the purposes and means of data collection and use, limit data sharing and disclosure, and respect user rights and choices ¹. The CCPA applies to businesses that meet one or more of the following criteria: have an annual gross revenue of over $25 million; buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices; or derive 50% or more of their annual revenue from selling consumers’ personal information ⁷.
The California Privacy Rights Act (CPRA) was approved by voters in November 2020. It amends the CCPA and creates additional privacy rights for Californians. The CPRA expands the definition of sensitive personal information and creates new consumer rights related to automated decision-making technology ⁴.
The California Privacy Protection Agency (CPPA) is responsible for enforcing state and federal privacy laws. It empowers Californians with information on their rights and strategies for protecting their privacy. It encourages businesses to follow privacy-respectful best practices ⁸.
The CCPA and CPRA provide Californians with a set of European-style data rights and create obligations for businesses that collect, use, or disclose Californians’ data. The new California Delete Act will create additional compliance obligations for companies that are currently subject to California’s data broker registration law. Companies should stay up-to-date with these laws and regulations to ensure compliance.
¹: https://www.theguardian.com/technology/2023/oct/10/california-delete-act-signed-newsom
³: https://www.wilmerhale.com/en/insights/blogs/WilmerHale-Privacy-and-Cybersecurity-Law/20231012-california-privacy-update
⁴: https://www.caprivacy.org/
⁷: https://www.datagrail.io/blog/data-privacy/california-privacy-laws-explained/
⁸: https://oag.ca.gov/privacy