Understanding CCPA and its Impact

First Reviewed : September 3, 2019
Last Reviewed: September 3, 2019

In the wake of the data scandals like Facebook-Cambridge Analytica, the California State Legislature on June 28, 2018, passed the California Consumer Privacy Act (“CCPA”), which is by far the most sweeping consumer privacy law in the United States. The CCPA will take effect on January 1, 2020 and is aimed at enhancing privacy rights and consumer protection for residents of California.[1]

The rushed drafting and passage process is said to have led to some inconsistencies in the law. However, a host of amendments have been proposed to rectify issues ranging from non-substantive grammar changes to significant modifications to the scope and specific provisions of the law. Some of these suggested amendments have passed the Assembly and are now awaiting action in the Senate.

The California State Senate has until September 13 to make the changes and send the CCPA amendments to the governor so that it can be signed into law by October 13.

With only a few days left in the process, businesses around the globe are waiting eagerly to see which amendments will pass and how these amendments will finally impact them.


Under the CCPA, consumers have a right to request businesses to disclose the categories and specific pieces of personal information collected about them in the preceding 12 months. Therefore, CCPA compliance may well be necessary sooner than the effective date.

What does the CCPA entail?

Like the GDPR, CCPA is a significant legislation on privacy law and is expected to have a global impact, given California’s status as the fifth largest global economy. The CCPA primarily “focuses on transparency obligations and on provisions that limit selling of personal information, requiring a ‘Do Not Sell My Personal Information’ link to be included by businesses on their homepage. In addition, the CCPA includes specific provisions in relation to data transferred as a consequence of mergers and acquisitions, providing consumers with the right to op-out if the ‘third party materially alters how it uses or shares the personal information of a consumer in a manner that is materially inconsistent with the promises made at the time of collection.’”[2]

A business is only subject to the CCPA if it

  • is for profit,
  • does business in California,
  • collects consumers’ personal information, or
  • determines the purposes and means of processing consumers’ personal information.

The CCPA only applies to a business that

  • has annual gross revenue in excess of $25 million;
  • annually buys, receives for commercial purposes,
  • sells, or shares for commercial purposes personal information of 50,000 or more consumers, households, or devices; or
  • derives 50% or more of its annual revenue fromselling consumers’ personal information.


What are some of the proposed CCPA Amendments to look out for?

Data Brokers: Businesses that knowingly collect personal information of consumers with whom they don’t have a direct relationship and sell to third parties, would be required to register with the California Attorney General’s Office to enable consumers to exercise their rights under the CCPA, including to opt-out of the sale of their personal information.

Motor Vehicle Dealer and the Manufacturer: A new exemption may be in place that would permit information sharing between a new motor vehicle dealer and the vehicle’s manufacturer if the information is retained or shared pursuant to, or in anticipation of, a vehicle repair relating to warranty work or a recall. (New § 1798.145(g).)

Insurance Companies: One of the Amendments is likely to add a new exemption to eliminate a consumer’s right to request a business to delete or refrain from selling the consumer’s personal information under the CCPA if it is necessary to retain or share the consumer’s personal information to complete an insurance transaction requested by a consumer. (New § 1798.145(f).)

With the mounting amendments, it is important to keep a finger on the pulse of the compliances. LegalEase recently provided a Fortune 500 financial corporation with an audit of their privacy practices. The client received a rigorous and company-wide privacy audit; dissection of all personal information handling practices, and critical corrective suggestions that accomplished maximum security.

LegalEase Solutions offers corporate legal departments and law firms innovative support with regulatory compliances. Our team is designed to function as an extension to your legal practice or department, providing you the capabilities and resources to stay up to date with your needs. If you have a project you need a hand with, feel free to reach out to us at contact@legaleasesolutions.com. Our team is happy to assist.

[1] https://www.verasafe.com/blog/how-to-comply-with-the-california-consumer-privacy-act-introduction-to-the-ccpa/

[2] https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf

Share the Post: