Potentially Expanded Private Right of Action Increases Risk of Class Action Exposure Under the California Consumer Privacy Act

As companies were getting up-to-speed on the effects of the European Union’s General Data Protection Regulation (GDPR) last year, California quickly enacted its own privacy law, the California Consumer Privacy Act (“CCPA” or “Act”) last June. We address below the high risk associated with the CCPA and its interaction with regulations in key U.S. industries. The fast-passed legislation was designed to avoid a November 2018 ballot initiative on the subject, and was plagued by errors and ambiguities that require robust clarification.  The Act’s take-away, however, was abundantly clear – California consumers have a right to know what personal data companies are collecting and are empowered to bring a private right of action for a data breach (and even potentially for other violations of the Act). 

Will California’s New Privacy Law be Preempted? Federal Hearings and Public Comments Begin

Although numerous attempts have been made to pass a comprehensive U.S. privacy law over the years, this one might actually succeed. Efforts have begun on multiple fronts. From Senate Commerce Committee hearings to several federal agencies vying for which will lead a federal regulatory effort, privacy is a hot topic in Washington, DC. Businesses should take immediate action to enter the discussions if they have not already done so. Comments on a proposed federal framework are due October 26, 2018. The Commerce Committee will hold additional hearings in October. Industry is coming to the table in an attempt to avoid facing a jumble of inconsistent state privacy laws.

Will California’s New Privacy Law be Preempted? Federal Hearings and Public Comments Begin

Although numerous attempts have been made to pass a comprehensive U.S. privacy law over the years, this one might actually succeed.  Efforts have begun on multiple fronts.  From Senate Commerce Committee hearings to several federal agencies vying for which will lead a federal regulatory effort, privacy is a hot topic in Washington, DC.  Businesses should take immediate action to enter the discussions if they have not already done so.  Comments on a proposed federal framework are due October 26, 2018.  The Commerce Committee will hold additional hearings in October.  Industry is coming to the table in an attempt to avoid facing a jumble of inconsistent state privacy laws.