Media Coverage
Media Coverage
Press Contacts: Erik Cummins, Matt Hyams, Taina Rosa, Olivia Thomas
07.03.18
A California law passed last week gives consumers more control over how companies use and share their personal information and is the first of its kind in the United States, reports Law360. The California Consumer Privacy Act, or CCPA, is akin to consumer-focused privacy regimes in the European Union, most notably the recently enacted General Data Protection Regulation, or GDPR.
In fact, Pillsbury’s Catherine Meyer tells Law360, although the California and EU regulations are not identical, companies that have spent time preparing for the strict GDPR requirements have likely already made progress toward compliance with the CCPA as well.
"If a U.S. company is required to be GDPR-compliant, the work done in terms of preparing to comply with data portability and [the] right to be forgotten will be helpful for compliance with the California statute," she said. "Additionally, the up-front disclosures required under the GDPR in a company’s privacy policy with respect to the categories of data being collected and the use of such data as well as the description of the new rights of consumers will be helpful."
As of January 1, 2020, companies that hold various types of personal data related to California consumers will be required to comply with the CCPA, which mandates that they must tell consumers, upon request, what personal data the company holds about the consumer, how it is used and any third parties that have access to the data. Companies also must allow consumers to opt out of the sale of their data, allow consumer requests for the deletion of their data and obtain opt-in consent before selling information belonging to consumers under the age of 16.