Skip to main content
Home Insights Tech Talk As Businesses Navigate the CCPA, New Legislation May Alter the Route
  • Data Privacy & Security
  • August 3, 2020

As Businesses Navigate the CCPA, New Legislation May Alter the Route

Philip R. Stein

The California Consumer Privacy Act (CCPA) may apply in potentially significant ways to companies and individuals based far from California.  It applies to any for-profit entity doing business in that state that collects, shares, or sells California consumers’ personal data and meets one of the following additional criteria: 

  • Annual gross revenues in excess of $25 million; or
  • Possession of the personal information of 50,000 or more consumers, households or devices; or
  • More than 50% of its annual revenue is earned from selling consumers’ personal information

In fact, the CCPA’s reach extends even farther, because it also applies to any entity that owns, is owned by, or shares common branding with a covered business.  Its substantive scope is, likewise, by no means narrow. The CCPA created four main categories of consumer rights: 

  1. the right to know how one’s personal data is being used, 
  2. the right to request deletion of that data, 
  3. the right to opt-out of the sale of the consumer’s personal data, and 
  4. the right to not be discriminated against for exercising the first three of those rights.

Given its scope and sweep, the CCPA has garnered a lot of attention and spurred a lot of concern.  For businesses, a significant portion of that concern has resulted from uncertainty in various respects about how the statute would be administered.  Enforcement of CCPA provisions did not begin until July 1, 2020, and that was just one month after final proposed regulations were published.  Now there is reason to believe that its current level of consumer protections will be enhanced, potentially redefining the landscape of privacy law. 

Just a week before the CCPA began to be enforced, the California Privacy Rights Act (CPRA) – proposed legislation advanced by the same group that first supported enactment of the CCPA – was certified to be voted on as a ballot initiative as part of the November 3, 2020 election in California.  The CPRA, if enacted, would substantially increase consumer rights beyond even those now enshrined as part of the CCPA.  It would create a new state agency empowered to take a broad array of actions to implement and enforce this new legislation.   The CPRA would push covered entities to be even more limited in their uses of personal information, offer new rights to consumers to prohibit use of their personal data, and would treat a new category known as “sensitive personal information” (as defined in the CPRA) as subject to heightened protections in comparison to other types of personal information.  

Companies, whether or not based in California that have labored over the past few years to get ready for the long-anticipated CCPA enforcement period to begin now have more studying to do, in preparation for possible approval by voters of the CPRA.  We will be following developments both with respect to the CCPA and the proposed CPRA in hopes that we can aid that preparation.  

Related Practices
Data Privacy & Security
YOU MIGHT ALSO LIKE
Press Release May 21, 2025
Builders Association of South Florida Recognizes Brian Adler and Howard Nelson
The Builders Association of South Florida (BASF), the local affiliate of both the Florida Home Builders Association and the National Association of Home Builders, has awarded Brian S. Adler and Howard E. Nelson with its President's Award.
Press Release May 20, 2025
Bilzin Sumberg Wins MDFAWL Champion of Women Award
Bilzin Sumberghas been awarded the 2025 Champion of Women Award presented by the Miami-Dade Chapter of the Florida Association for Women Lawyers (MDFAWL).
Development Conference May 15, 2025
Evolving Approaches to Public-Private Partnerships in Florida
Eric Singer moderates the panel Evolving Approaches to Public-Private Partnerships in Florida at Bilzin Sumberg’s Development Conference. The panel discusses the key challenges and opportunities that P3s present public agencies, private developers, and operators alike, as P3s are creatively de...
VIEW MORE