New GDPR-Like Privacy Law Could Be Coming to California in 2018

Privacy initiatives are on the rise. First with the GDPR, and now with a proposed California Consumer Privacy Act.

privacy act

What is the California Consumer Privacy Act?

privacy act

In short: the potential ballot initiative will apply to all businesses that use customer data for commercial purposes. It specifically gives customers the right to:

  1. Ask businesses what personal data is being collected about them
  2. How the data is being used
  3. Opt out of further collection and usage
  4. Sue for damages

The initiative was first proposed in September 2017, and could potentially become an enormous issue for businesses that use or re-sell customer data.

Are There Similarities to the GDPR?

GDPR privacy act

Yes. If passed, the California law will be very similar to the GDPR privacy rules, except:

  • California Law: customers will be responsible for requesting the disclosure of who is using their information and can then choose to opt out.
  • GDPR: companies are required to have an opt-in consent for the use of customer data.

What is the Purpose of the Initiative?

Privacy Act

The initiative is meant to give customers more information and control over how their data is being used. The Act will apply to every business that uses customer data for commercial purposes – not just technology or internet companies.  

Other significant elements:

  • The customers that decide to opt out will not be penalized or charged a higher price.
  • The initiative gives new power to prosecutors and citizens to file civil lawsuits after a data breach or for selling personal information after a customer has said “no” to sharing.

Data-using companies probably won’t like this component. Especially how there is no requirement that specifies that citizens have to prove harm before damages can be awarded.

What’s Next?

Privacy Act

It doesn’t take a political insider to know that if the initiative qualifies for the ballot, it will certainly be challenged in court. It could be opposed as an attack on both small business and the California economy.

The initiative, however, is really targeted at technology companies and the data ecosystem that most customers don’t even know about or understand.

If the initiative passes, it will certainly have national implications. With most companies operating on a national scale, their business will touch customers in California one way or another.

For more information on how LoginRadius can help you meet all major compliances and policies, as well as any regional specific data policies, visit our Global Compliances page here.

For more information on the GDPR, visit our GDPR Portal.

Emily Genge


Emily is a Marketing Intern at LoginRadius, a leading Customer Identity Management platform. She is a recent graduate from the University of Waterloo, where she studied Rhetoric, Media, and Professional Communication.

New Call-to-action