What is the California Consumer Privacy Act of 2019?

What is the California Consumer Privacy Act

The state of California has passed the California Consumer Privacy Act (CCPA).

California approved this act due to:

  • the rise in consumer data breaches 
  • big data companies selling customers data without any regulations
  • the growth of privacy concerns

It starts to take effect on the 1st of January, 2020.

The law is part of a global trend concerning data privacy protection and data transparency. It follows the Canadian Anti-Spam Law (CASL) and the General Data Protection Regulation (GDPR).

The CCPA focuses, exclusively, on data collection and privacy and it roughly aligns with the guidelines of the GDPR. This law explicitly mentions that it’s in response to the misappropriation of Facebook data of at least 87 million people by Cambridge Analytica.


According to the consumer privacy act, also known as AB-375, the law gives Californians the right to:

  1. Know the personal information collected about them;
  2. Know whether their personal information is sold or disclosed and to whom;
  3. Decline the sale of personal information;
  4. Access their personal information;
  5. Equal service and price, even if they exercise their privacy rights.


Key components of ccpa

Companies that fit the following description have to honor the rights granted to Californians:

  • Businesses with annual gross revenues of at least $25 million;
  • Data brokers and other businesses that buy, receive, sell or share the personal information of 50,000 or more consumers, households, or devices;
  • Businesses that get the majority of their annual revenue from selling consumers’ personal information.

The CCPA gives citizens the right to bring a civil action against companies that violate the law. Consequently, it stipulates that damages will be between $100 and $750 or higher, if more damage can be proven.

Plus, the state can bring charges against a company directly, levying a $7,500 fine for each alleged violation that isn’t addressed within 30 days.

Final thoughts

Prepare yourself! With GDPR running since May 2018 and the California Consumer Privacy Act of 2018 coming into force in less than a year, marketers must prepare for these unprecedented consumer rights.

“While the California legislation doesn’t reach quite the same scale as GDPR, an overwhelming majority of businesses will be impacted by the nature of conducting business in California, and it is inevitable that other states (like Georgia) — and perhaps even the federal government — will follow suit in pursuing similar laws in the 18 months ahead,” said Jonathan Lacoste, Jebbit’s president and co-founder.

He further said that, “while some American businesses could get away with delaying their response to GDPR, they cannot afford to delay here. We’re seeing countries outside Europe and North America catch on, too, like India, which recently introduced a data privacy framework.”

This “privacy parade” is long overdue, affirmed Lacoste, and a change is necessary since it will force companies to do what consumers deserve. “California’s action should provide the impetus companies need to shift their behavior,” he added, “but it will likely be the federal government that will ultimately wield enough power to hold businesses accountable.”

It’s important that you start thinking about solutions for your company, don’t wait until the last minute. Preparation is the key to successfully honor consumer rights and deliver a good service to your clients.


Was this post helpful?