California Privacy Laws – CCPA, Shine the Light, CalOPPA
California has the nation’s most advanced privacy laws, since it has been a leader in data privacy and security in the United States for some time. It was one of the first states to provide an express right to privacy in its constitution. It became the first state to enact a breach notification law in 2002. It is was the first state in the country to require online services collecting personal information to post a privacy policy. Because California is one of the world’s top ten largest economies, one out of eight Americans live there, and it is the home of many Silicon Valley technology companies, it plays an important role in setting privacy standards in the United States.
Here are overview of some of the leading California privacy laws:
The Right to Privacy in California’s Constitution
Section 1 of the California Constitution declares that the people have inalienable rights including the right to privacy. The amendment providing this right to privacy was ratified by the voters in 1972. It was one of the more than 500 amendments or revisions to the California Constitution between 1911 and 1986.
California Online Privacy Protection Act
CalOPPA was the first law in the nation to require commercial websites and online services to post a privacy policy. It went into effect in 2004. In 2012, the California Attorney General notified app providers that the law applied to mobile applications for smartphones and tablets collecting personally identifiable information. In 2013, the law was amended to require privacy disclosures regarding tracking of online visits.
Shine the Light
This California law regulates businesses that disclose the personal information of customers to third parties for direct marketing purposes. It requires customers to be informed of the disclosures and carries a civil penalty of $3,000 for each violation. It became a law in 2003 when it was passed by the California legislature and signed by Governor Gray Davis. It went into operation on January 1, 2005.
Privacy Rights for California Minors in the Digital World Act
The law allows minors to remove some online content they post and restricts certain types of online advertising to minors. It expands the online safeguards available from COPPA, the federal law protecting children online. Children under 18 years of age may request removal of content or information posted on a website or mobile app. Operatures must provide notice of the right to erasure and provide registered users who are minors clear instructions on how to exercise their right. The law also prohibits websites and mobile applications directed to minors from advertising or marketing alcoholic beverages, firearms, handguns, tobacco, dangerous fireworks, tanning beds, tattoos, aerosol paint containers and certain dietary supplements.
California Consumer Privacy Act
GDPR-lite, as many people are referring to it already, was signed into law in June 2018 and goes into effect on January 1, 2020. It provides the right to access and delete personal information for California residents. It also provides the right to opt out from the sale of personal information by businesses to third-parties. For children under 16 years old, it requires businesses to provide the right to opt in to the sale of children’s data instead of the opt out right provided to adults.
Improve Data Privacy for GDPR or CCPA with Clarip
The Clarip team and enterprise privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent management software.
Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.