Well, that didn’t take long! Now that the deadline has come and gone for any business that is subject to the EU’s GDPR, I was wondering how long it would be before some legislature, here in the U.S., would follow the EU’s lead and implement their own version of GDPR. As usual, California did not disappoint.
At whirlwind speed, and bowing to political pressure from a privacy rights advocate, the California legislature passed the California Consumer Privacy Act (CCPA). But, unfortunately for the businesses that must comply with the CCPA, less actual thought was put into the drafting of this Act than any piece of privacy legislation I’ve seen in the past two decades. Don’t get me wrong, I think the Act has some good provisions to it. But, it is deeply flawed, and my hope is that California lawmakers will come to their senses and fix the CCPA before it goes into effect on January 1, 2020. Whether they actually make the necessary repairs or not, this new gift from California will cost businesses across the U.S. billions of dollars in new compliance investments.