July 6, 2018

Is the California Consumer Privacy Act of 2018 the American GDPR?


A ripple of fear always reverberates throughout the email industry when new legislation is passed that could limit the distribution of commercial email and the use of data. The California Consumer Privacy Act of 2018 (CCPA) is no different. Originally proposed as a statewide ballot by real estate developer Alastair MacTaggart, the core focus of the CCPA is to provide additional control over consumer’s data and how it can be collected, stored, and used by corporations. At the final hour, the state of California put forth a similar piece of legislation and MacTaggart’s bill was replaced. This legislation passed by unanimous vote in both the state’s House and Senate, and signed by Governor Jerry Brown on June 28, 2018.

This new legislation brings together several pieces of privacy law previously missing in the United States, but present in other countries. Companies will now need additional transparency regarding how they utilize the personal information of their clients. This includes things like the categories of information collected, its source, its purpose, any third parties accessing it and specific pieces of information the business collected about the consumer. The CCPA will come into effect on January 1, 2020, so businesses requiring time to update their processes and policies will have the next 18 months to identify the changes required to comply with this new law.

Does this all sound familiar? It should, thanks to all the recent news coverage of the General Data Protection Regulation (GDPR), which went into effect in the European Union 30 days prior to this law being passed. It’s even similar to parts of the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

This legislation targets five key concerns when personal information is collected:

  1. Right to know what personal information is being collected
  2. Right to know whether personal information is sold or disclosed, and to whom
  3. Right to say “no” to the sale of personal information, including deletion of data
  4. Right to equal service and price
  5. Right to access their personal information

While this legislation has several similarities to GDPR, it’s not exactly the same. Here are some important differences:

California is a driving force in the world of digital, and the potential impact of this legislation would cement many ideals of GDPR, the OECD privacy framework, and digital rights for consumers in America. With the fifth largest economy in the world, California gets to carry a big stick and drive changes forward in America.

“Fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information”
THE CALIFORNIA CONSUMER PRIVACY ACT OF 2018 – Sec 2 (1)

The CCPA also requires businesses to include an easy-to-find way for consumers to “opt-out” of data-sharing, and a link on a company’s homepage to a page titled “Do Not Sell My Personal Information.” If a consumer navigates there and requests his or her information is kept private, the business must suspend any selling of that consumer’s information for 12 months and obtain clear consent authorizing the sale of their data in the future (after the year is over).

The CCPA mandates a series of penalties for businesses, starting with referring intentional violations not resolved in a satisfactory time frame to the Attorney General ($7,500/per violation). The legislation also allows for limited class settlements in the case of data breach ranging from $100-750 per incident, following a grace period in which the Attorney General could take action first.

What does this mean for digital marketers?

It is time to evaluate your business’s data collection and usage needs, especially if you’re reselling data or buying data from a third party. Consider what you need to disclose, how should it be disclosed, and how to manage consumer requests spurred by CCPA.

Hopefully your GDPR preparations answered many of these questions for you already. For example, during 250ok’s GDPR preparations we built self-service tools for our clients to manage requests to delete, export, and ignore future tracking of specific individuals by request into our systems. These tools are available in your account, and if you require help accessing or using these, please contact your account manager. These tools should help you manage the requests you could receive under CCPA, so get comfortable with them, as you’ll want to be in compliance here just as much as you want to be GDPR-compliant.

Author: Matt Vernhout

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (CIPP) with more than a decade of experience in email marketing. Matt is 250ok's Director of Privacy and Industry Relations, and he has served as Chair of the eec Advocacy Subcommittee for several years.

You may also like...

How the top 500 internet retailers collect email sign-ups (2016).

Welcome to How The Top 500 Internet Retailers Collect Email Sign-ups (2016), an analysis of how retailers promote their programs, leverage mobile optimization, use social sign-ups, capture personal data, and more. In addition, we have shared some year-over-year trend insights compared to How The Top 500 Internet Retailers Collect Email Sign-ups (2015). Let’s dig in. Sign-up […]

How the top 500 internet retailers collect email sign-ups (2015).

We reviewed the top 500 internet retailers to analyze their email collection practices and sending habits. Check out some of the trends we discovered while analyzing over 1,000 websites owned by the internet’s top retailers.

Deliverability myth: Why you need to measure inbox placement. [INFOGRAPHIC]

It’s important to measure and compare your delivered rate to your inbox rate. What’s the difference? Let’s say your email service is reporting 90% deliverability with a 10% bounce rate. Then you run your campaign through your deliverability service and it reports the same 10% bounce/missing rate, but 72% inbox placement and 18% spam placement. Both look […]

Ready to get started?