Please note that all my articles are for informational purposes only and not legal advice. I assume no liability for the content of my articles. The articles may be out of date, the legal situation may have changed, or the specific situation in a case may need to be assessed differently. A binding consultation can only be given by me directly in the individual case. Take advantage of my free brief consultation!
Business with customers in California? Attention CCPA
On January 1, 2020, the California Consumer Privacy Act (CCPA) will enter into force in California, which is intended to raise the data protection standard in line with the GDPR/GDPR, but also sets special requirements for online companies.
Does both apply?
However, both pieces of legislation are only partially compatible. For example, CCPA and the GDPR have different requirements, different definitions and different areas of application, e.g. when collecting personal data without explicit consent, and the GDPR lacks a right to opt-out, which is what the CCPA requires. CCPA also applies only to certain types of companies.
The CCPA currently applies if:
The annual gross revenue amounts to at least 25 million US dollars.
The company’s profit is 50 percent or more due to the annual revenue from the sale of personal data.
The scope of processing of personal data for business purposes affects at least 50,000 or more consumers, devices or households living in California.
What are the penalties?
A possible penalty under the CCPA in the case of an intentional data breach amounts to USD 7,500 per breach, and USD 2,500 per breach in the event of negligent action.
Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.
