The California Consumer Privacy Act of 2018 (“CCPA”) is arguably the most comprehensive - and complex - data privacy regulation in the United States. The CCPA was designed to emulate the European General Data Protection Regulation (“GDPR”) in many respects. As a result, United States companies that thought that they were not subject to the GDPR are now laser focused on the requirements of the CCPA and rushing to verify that their practices comply with the statute. While the CCPA was drafted with an eye toward the GDPR, it also differs from that regulation in many respects. As a result, companies that just finished their push to come into compliance with the GDPR now also must redirect their attention toward the CCPA.

To help address the confusion caused by the CCPA, Bryan Cave Leighton Paisner is publishing this multi-part Practical Guide to the California Consumer Privacy Act.

The “right to equal service and price” refers to the CCPA’s prohibition against discriminating against consumers who exercise their rights under the CCPA. Where a consumer exercises a right, a business is prohibited from denying goods or services, charging a different price, imposing penalties, providing a different level or quality of service, or suggesting the consumer will receive a different price or rate or different level or quality of goods or services.

The majority of data privacy laws in the United States do not include anti-discrimination provisions, but there are some notable exceptions. For example, the Health Insurance Portability and Accountability Act (“HIPAA”) directly addresses the issue of genetic discrimination.

To comply with the CCPA companies should:

  • Review their pricing policies and practices to verify that they do not price discriminate – intentionally or inadvertently – based upon whether a person opts-out of the sale of their information.
  • Review existing privacy notices and verify that they meet the new requirements of the CCPA.
  • Draft an appropriate policy for managing requests by consumers who exercise their rights under the CCPA.
  • Train employees on how to handle and document requests by consumers who exercise their rights under the CCPA.
  • Verify that the policies in place facilitate compliance with the new requirements of the CCPA for consumers who exercise their rights.

Companies across the globe have retained BCLP to draft internal protocols, or to review existing protocols to spot red flags that might be of concern to a court or a regulator.

CCPA Provisions

GDPR Provisions

Cal. Civil Code 1798.125(a)(1)