California’s New Privacy Law and What it Means for Canadian Businesses

On June 28, 2018, the California legislature passed a new privacy law, the California Consumer Privacy Act of 2018 (“CCPA”), which will come into effect on January 1, 2020. The CCPA could impact Canadian organizations doing business in California, the world’s fifth largest economy (with a larger population than Canada), even if they have no physical presence in the state.

The law regulates organizations doing business in California and collecting personal information about California consumers (essentially defined as California residents) and households, which organizations either: have annual gross revenues in excess of U.S. $25 million; buy, receive, sell, or share the personal information of more than 50,000 California residents; or derives 50% or more of its annual revenues from selling California residents’ personal information. “Doing business in the state of California” is likely to be interpreted as covering businesses with no physical presence in California but offering products or services in this state through the Internet. As such, It is likely that many Canadian organizations conducting business online will be subject to the CCPA if they collect personal information about California residents. These organizations should take note that complying with the Personal Information Protection and Electronic Documents Act  (PIPEDA) will not necessarily be sufficient to ensure compliance with the CCPA (and vice versa).

François Joli-coeur prepared a great bulletin which provides a high level comparison between this new Californian law and PIPEDA.

To read the bulletin, click here.

This content has been updated on July 16, 2018 at 12 h 31 min.