My advice (Disclaimer: I’m not a lawyer) is to use GDPR as your baseline privacy framework then manage the gaps for tricksy places like California…:
Companies that do business in California know that it is a magnet for class action litigation. The California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California residents, will provide even more incentive to plaintiff’s attorneys to bring suit in California.
The CCPA was enacted in early 2018 as a political compromise to stave off a poorly drafted ballot initiative. Although the CCPA is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”). To help address that confusion, BCLP is publishing a multi-part series to address the most frequently asked litigation-related questions concerning the CCPA. BCLP is also working with clients to assess – and mitigate – litigation risks for when the CCPA goes into effect by putting in place the policies, procedures, and protocols needed to comply with the Act.