Add blog to your RSS reader
Get blog updates by emailPopular Topics
All Topics
- .Com Disclosure Guide
- 140conf
- 140conf Long Island
- 140confLI
- 47 USC 230
- AAA
- ACI 2017
- Ads
- Advance Registration
- Advertising
- Advertising Agencies
- Advertising Agency
- Advertising Disclosure
- Advertising Industry
- Advertising Injury
- Advertising Law
- Advertising Practice
- advertising self-regulation
- Advertising Self-Regulatory Council
- Advertising Software
- Advertising, Marketing & Promotions News
- Advertorials
- Advisory
- Affiliate Marketing
- Affiliate Program
- All Natural
- Amazon
- Amazon Silk
- Amazon Tax
- Amazon.com
- Amendments
- American Advertising Federation
- American Bar Association
- Americans with Disabilities Act
- Android
- Annual Audit
- Annual Fee
- anti-fraud
- App Developers
- Apple
- Apps
- Arbitration
- Arbitration Clause
- Arbitration Rules
- Ashley Madison
- ASRC
- AT&T Mobility LLC v. Concepcion
- ATDS
- Attorney
- Attorney General
- Audio Beacons
- Augme
- Auto-dial
- Automatic Renewal
- Automobiles
- BBB AdTruth
- Bead Art Playsets
- Behavioral Advertising
- Best Lawyers
- Blackberry
- Bloggers and Influencers
- Bloomberg BNA
- Brain Training
- Brands
- Breach
- Burden of Proof
- Business Law
- Business, Marketing & Promotions News
- Buyers
- California Auto-Renewal Task Force
- California Consumer Privacy Act
- California’s Automatic Renewal Law
- California’s Unfair Competition Law
- Campaigns
- CAN-Spam
- Cancer Fund of America
- cannabis
- Caribbean & Latin American Corporate Counsel Summit 2017
- CARU's Guidelines
- CAS
- Cash prizes
- CASL
- CBBB
- Celebrity Images
- Cell Phone Applications
- Cell phones
- CFPB
- CGMP
- Chambers 2017 USA Guide
- Chantal Tode
- Charge Pop-ups
- Charity Fundraising
- Charity Regulators
- Children's Advertising
- Children's Advertising Review Unit (CARU)
- children's marketing
- Children's Privacy
- Civil Penalties
- Class Action
- Class Action Lawsuit
- Class Certification
- Clean Diesel
- Cognitive Claims
- Colorado
- Commerce Department
- Commercial Advertising
- Commercial Electronic Mail Act (CEMA)
- Communications Decency Act
- compliance
- conference
- Consumer Complaints
- Consumer Complaints List
- Consumer Contracts
- Consumer Data
- Consumer Fraud
- consumer health guidelines
- Consumer Privacy
- Consumer Privacy Bill of Rights
- Consumer Protection
- consumer protection laws
- Consumer Sentinel Network
- Contract
- COPPA
- COPPA FTC Olshan Advertising Marketing Promotions Privacy
- Copyright Act
- Copyright Alert System
- Copyright Infringement
- Copyright Infringement Abroad
- Copyright, Trademark and Other Intellectual Property
- Corporate Law
- Council of Better Business Bureau
- Counterclaims
- Court Decisions
- Cramming
- Credit Card Payment Surcharges
- Crowdfunding
- Cryptocurrency
- cybersecurity
- D.C. Circuit Court
- Daily Fantasy Sports Contests
- data breach
- Data Broker
- Data Collection Practices
- Data Protection
- Data Security
- Data Transfers
- Debt collectors
- Deceptive Advertising
- Deceptive Pricing
- Deceptive Tracking
- Department of Commerce
- Department of Labor
- Department of Labor (DOL)
- dietary supplements
- Digital
- Digital Advertising
- Digital Media
- Direct listings
- Direct Marketers
- Direct marketing programs
- Direct response marketing
- DirectTV
- Disclosure
- Disclosure Obligations
- Disclosure Rules
- Discounts
- DMA
- DMCA
- Do Not Call
- Do Not Track
- Domain Extensions
- Domino's Pizza
- Dot Com Disclosures
- DPPA
- DraftKings
- Drawing By Chance
- Elder Abuse Prevention and Prosecution Act
- Emissions Testing
- endorsement
- Enforcement Action
- Enhanced Ads
- Entry Fee
- EPA
- Epic
- EU Commission
- EU-US Privacy Shield
- European Commission
- European Court of Justice (ECJ)
- European Union
- European Union registration holders
- European Union Trademark
- Exchange listing
- Ezor
- Factory outlets
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collections Practices Act
- Fair Information Practice Principles
- Fair Labor Standards Act
- False Advertising
- FanDuel
- Fantasy Contests Act
- Fantasy Sports
- Fantasy Sports Operators
- Farm Bill
- Fax broadcsters
- Faxes
- FCC
- FCC Developments
- FCC Solicited Fax Rule
- FDA
- FDCA
- Federal Laws & Regulations
- Federal Overtime Regulations
- Federal Trade Commission
- Final Rule
- FIPP
- First Amendment
- Fit Products
- Fit Tea
- Florida
- Force Majeure
- Fraud
- FTC
- FTC Act
- FTC Guidance
- FTC restitution
- FTC’s Jewelry Guides
- Gambling
- Gambling Laws
- Game Promotions
- GDPR
- General Data Protection Regulation
- Geo-targeted Advertising
- Georgia
- Guide
- HARO
- Health-related Mobile Apps
- Health-related Products
- Healthy
- HIPAA
- History Sniffing
- HitPath
- Homestead Laws
- HTC
- Hurricane
- IAB
- ICANN
- illegal content
- Illegal Gambling
- Illinois
- IMDb
- Influencer Marketing
- Injury in Fact
- Insider Trading
- Inspection Resources
- Insurance Company
- Insurance Coverage
- INTA
- Intellectual Property
- Internet and Privacy Law
- iOS
- Iowa
- IP Awareness Assessment Tool
- IPOs
- Jeff Pulver
- Jewelry
- JOLT
- Jurisdiction
- Kindle Fire
- Lanham Act
- Law
- Law Enforcement
- Law Review Article
- law school
- Laws
- Leading Lawyers
- Lee Bogner
- Legal 500 United States 2017
- Legislation
- letter of consent
- Licensing Fees
- Lily Robotics
- List managers
- Litigation
- Lumosity
- Lumosity ads
- Lumosity games
- Lustigman Firm
- Luxury Daily
- made in the usa
- Magazine publishers
- Mail Order Sales Rule
- Manufacture
- Manufacturer’s Suggested Retail Price (“MSRP”)
- Marden-Kane
- Marketing
- Marketing & Promotions News
- Marketing and Advertising Law
- Marketshare
- Mass texts
- Material Disclosures
- Mc Donalds
- Media and Entertainment
- Media Companies
- Microsoft
- MLM
- Mobile Financial Services
- Mobile In-app Charges
- Mobile Marketer
- Mobile Marketing
- Mobile Payment Systems
- Mobile Payment Systems Security Programs
- Mortgage Bankers Association
- Mortgage Investors
- NAD
- NARB
- Native Advertising
- Native Advertising Guidelines
- Nautilus, Inc.
- New Jersey
- New Jersey Supreme Court
- New York
- New York Law Journal
- Nomi
- Non-commerical Calls
- Non-profit Organization
- Notice
- Nutrient Content
- NY Attorney General
- objective consumer harm
- Off-label Prescriptions
- Office for Civil Rights (OCR)
- Office of Foreign Assets Control (OFAC)
- Office of National Coordinator for Health Information Technology (ONC)
- Ohio
- Oklahoma
- Olshan
- Olshan Grundman
- Olshan News
- Online Advertising
- Online Apps
- Online Cancellation
- Online Contracts
- Online Discount Pricing
- Online Entertainment Co
- Online Retail
- Online Reviews
- Online Tracking
- Online travel agencies
- Overstock
- Paid Promotions
- Patents
- Payment Methods
- Penny Auction
- Performance Marketing
- Personally Identifiable Information
- Pet Care
- Peter Shankman
- Pharmaceutical Manufacturers
- pre-orders
- Pre-recorded Message
- Price Match Guarantee
- Pricing Guides
- Pricing Practices
- Privacy
- Privacy Act
- Privacy Policy
- Privacy Practices
- Privacy Shield
- Pro-Consumer
- Products
- Professional Association for Customer Engagement (PACE)
- Promotion
- Proposed Rulemaking
- Public Database
- Publication of Age
- Publisher Magazine
- Q&A
- RCT Requirements
- Real Estate
- Real-estate-advertising
- Reasonableness
- Registration
- Regulations
- Resale Value
- Restrictions
- Retail Stores
- Revisions
- Risk
- Robocalls
- Roundtable
- Safe Harbor
- Sales
- Sales Practices
- Sales Tax
- Sandy
- SDNY
- SEC
- SEC disclosure
- SEC disgorgement
- SEC Form 10
- Section 17600 of the Business and Professions Code
- Securities Act of 1933
- Securities Act Section 17(b)
- Securities Exchange Act of 1934
- self-regulatory
- Sellers
- Service-Mark Infringement
- Settlement
- Sex Offenders
- SilverPush Apps
- Skill Contest
- Skin Care Products
- Smartphone
- Social Media
- Social Media Accounts
- Social Media Marketing
- Social Media Posts
- Social Networking
- South Dakota
- Southern District of Florida
- Spam
- Special Olympics
- Spotify
- State Law
- Statute of Limitations
- Subscribers' privacy rights
- Subscription Arrangements
- substantiation rules
- Super Lawyers
- Supreme Court
- Sweeping
- Sweepstakes Law
- Sweeptstakes Contest
- symposium
- Tasty
- TCCWNA
- TCPA
- TCPA Appeals
- TCPA Claim
- TCPA Class Actions
- TCPA Lawsuit
- TCPA Liability
- TCPA Regulation
- TCPA Ruling
- Tech Companies
- Tech Day New York 2017
- Telecom Law
- Telemarketers
- Telemarketing
- Telemarketing Calls
- Telemarketing Law
- Telemarketing Sales Rule (TSR)
- Telephone Consumer Act
- Terms & Conditions
- Text Message Ads
- Text Messages
- Text Messengers
- Textile Fiber Products Identification Act
- The 2017 ANA/BAA 39th Marketing Law Conference: Breakthrough: Legal Strategies for Dynamic Businesses
- The Kardashians
- The Pennsylvania Record
- Third Circuit Court
- Throttling
- Top Ten Complaints
- Trademark Clearinghouse
- Trademark Protection
- Trademark Rights
- Trademarks
- Transactions
- Transnational Criminal Organization (TCO
- Truth-in-Consumer Contract, Warranty & Notice Act
- U.S. Patent and Trademark Office
- Unauthorized Data
- United Kingdom
- Unsolicited Advertisement
- US Supreme Court
- Use Tax
- Velti
- Vermont
- Vermont House Bill 593
- Vicarious Liability
- Violations
- virtual reality
- Wal-Mart v. Dukes
- Warning Letter
- Washington D.C.
- Washington Law
- Washington’s Consumer Protection Act
- Web Agreements
- Web Browsers
- webOS
- Websites
- Western District of Washington
- White House
- World Trademark Review
Recent Posts
- Indiana AG Sues Promotions Company over Deceptively Advertised Sweepstakes
- Supreme Court Makes Class Arbitration Decision More Difficult
- North Dakota Introduces Automatic Renewal Law – Prohibits Renewal Periods Exceeding Twelve Months in Consumer Contracts
- Lustigman and Spina Publish Article in ABA’s What’s In Store Newsletter on FTC’s Enforcement Authority
- Andrew Lustigman Quoted in Legaltech News on Facebook’s Litigation Against Fake Accounts
- Luxury Daily Publishes Article by Safia Anand on What Brands, Advertisers and Influencers Can Learn From #FyreFestival
- Online Retailer Wins TCPA Lawsuit Based On Its Online Terms
- FTC Challenges Fake Paid-For Reviews on Amazon for The First Time
- FDA and FTC Focus On Dietary Supplement Industry Disease Claims
- New Bill Introduced in California Aims To Strengthen and Clarify CCPA
Archives
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
Contact Us
212.451.2258
Has the GDPR Been Domesticated?: Look Out for the California Consumer Privacy Act
Following the enactment of the European Union’s General Data Protection Regulation (“GDPR”), which went into effect on May 25, 2018, California has signed the California Consumer Privacy Act of 2018 (CCPA) into law, which will become operative on January 1, 2020. While companies who are now GDPR compliant will be in a better position to become compliant for CCPA purposes, there are still steps that even GDRP-compliant companies will need to take to become CCPA compliant. The full text of the CCPA can be viewed here.
While this is a lengthy act with certain ambiguities, in short the CCPA provides California residents broad rights to demand access to personal information, which is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It excludes information that is publicly available or aggregated so that the information cannot link back to an individual. Upon verifiable request, businesses must disclose to a consumer: (1) categories of personal information collected about the consumer; (2) categories of sources of the personal information; (3) business or commercial purpose for collecting/selling the personal information; (4) categories of third parties with whom the personal information is shared; and (5) the specific pieces of personal information the business has collected about the consumer. Additionally, businesses must keep separate lists of categories of personal information sold or disclosed for a business purposes during the prior 12 months. It is recommended that businesses develop internal procedures for handling and tracking requests.
Among other things, the law provides consumers with the right to opt out of a business selling their information and prohibits businesses from discriminating against consumers for exercising this right, including by charging consumers who opt out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data. The law also authorizes businesses to offer financial incentives for collection of personal information. Moreover, consumers will be able to request to have their information deleted, and businesses must comply. The law also requires that minors under age 16 have an opt-in right and requires that businesses that are subject to CCPA insert a link on their homepage, as well as in their privacy policy, that leads to an opt-out page for consumers, which they must be able to access without signing up for anything. Such requirements could have implications for company loyalty programs and it is not clear what the effects will be yet.
The CCPA does not apply to all businesses; however, the definition is broad so businesses should determine whether the law applies to them. Specifically, it applies to for-profit entities that (1) collect consumer’s personal information directly or through a third party; (2) alone or jointly determine the purposes and means of the processing of consumers’ personal information; (3) do business in the State of California; and (4) meet one of the following thresholds: (a) have annual gross revenues in excess of $25,000,000; (b) alone or in combination, annually buys, receives for the business’ commercial purposes, sells or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households or devices; and (c) derive 50 percent or more of their annual revenues from selling consumers’ personal information.
For the most part, the California Attorney General will be tasked with enforcing the CCPA, except that the CCPA provides a private right of action for data breaches and allows statutory damages of $100-$750 per consumer per incident, or actual damages, whichever is greater. This could lead to class action lawsuits, which could be costly for companies. In order to mitigate the risk of litigation and protect themselves in advance of the law taking effect, companies should encrypt the data they store if possible for their business and ensure that they have binding, enforceable arbitration provisions in their consumer contracts.
It is unknown if the federal government will enact a federal law, which will pre-empt the CCPA; however, it is recommended that companies start to prepare for the changes required by the CCPA sooner rather than later. There is a concern that if a federal law is not passed, each state could enact their own privacy law, which would be burdensome for companies to comply with. For instance, New Jersey recently proposed its own legislation.
TAKEAWAY: The protection of consumers’ personally identifiable information is extremely popular right now. Laws like the GDPR and the CCPA are continuing to be proposed and even though many questions surround these laws and how they will be enforced, we recommend that companies take a close look at their data collection and storage procedures, their privacy policies and their agreements with consumers to ensure that they are on their way to becoming compliant with any privacy regulations that could affect them.