Although the California Consumer Privacy Act (“CCPA”) is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”). To help address that confusion, BCLP has published a multi-part series that discusses the questions most frequently asked by clients concerning the CCPA. You can play a video discussion of this FAQ here or find a complete archive of FAQs at www.ccpa-info.com.
Q. Does the CCPA apply to personal data about non-Californians (e.g., Europeans)?
Some data privacy laws are designed to apply to personal data collected about individuals that live beyond the country’s borders. Most notably, if a company is subject to the general jurisdiction of the European GDPR because it is processing personal data in the context of an establishment within the European Union, the GDPR purports to apply to all personal data – regardless of the residency of the person about whom the data relates. So, for example, if a company processes data in Paris, the GDPR purports to apply to that data regardless of whether the data is about Parisians or Americans.1 The net result is that if the GDPR attaches it may apply to data subjects “whatever their nationality or place of residence.”2
The CCPA, on the other hand applies only to "consumers" a term that is expressly defined as including only "a natural person who is a California resident."3 As a result, if a company processes data in Los Angeles, the CCPA applies only to the personal information processed about Californians; it does not apply to information processed about residents of other states or countries.