Business with customers in California? Attention CCPA

Who is it relevant to?

Content Hide

On January 1, 2020, the California Consumer Privacy Act (CCPA) will enter into force in California, which is intended to raise the data protection standard in line with the GDPR/GDPR, but also sets special requirements for online companies.

Key Facts

The California Consumer Privacy Act (CCPA) comes into force on January 1, 2020.
CCPA has special requirements for online companies and raises the data protection standard.
CCPA and GDPR are partially incompatible with different requirements and definitions.
The CCPA applies to annual gross revenues of at least 25 million US dollars.
Companies that generate 50% or more of their revenue from the sale of personal data are subject to CCPA.
CCPA also affects the processing of 50,000 or more consumers in California.
Penalties for willful data protection violations are up to 7,500 US dollars per violation.

Does both apply?

However, both pieces of legislation are only partially compatible. For example, CCPA and the GDPR have different requirements, different definitions and different areas of application, e.g. when collecting personal data without explicit consent, and the GDPR lacks a right to opt-out, which is what the CCPA requires. CCPA also applies only to certain types of companies.

The CCPA currently applies if:

The annual gross revenue amounts to at least 25 million US dollars.
The company’s profit is 50 percent or more due to the annual revenue from the sale of personal data.
The scope of processing of personal data for business purposes affects at least 50,000 or more consumers, devices or households living in California.

What are the penalties?

A possible penalty under the CCPA in the case of an intentional data breach amounts to USD 7,500 per breach, and USD 2,500 per breach in the event of negligent action.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: Business Consumer Laws Privacy