CONVENIENCE V. CONFIDENTIALITY: The California Consumer Privacy Act and the Limits of its Private Right of Action

A Note by Zachary Read

Download full note here.

In the United States, the most recent attempt to balance business interests and consumer concerns has come from California, in the form of the California Consumer Protection Act (the “CCPA,” or the “Act”), which went into effect January 1, 2020.[1]  The Act has created a seemingly robust set of rights for consumers to know what information businesses have about them, what is being done with that information, and how they may request to delete such information.[2]  However, the CCPA has also left businesses confounded on how to properly comply with the Act because of its amorphous reasonableness standard.[3]  As the Act continues to proliferate into the ordinary course of business, courts should adopt a clear reasonableness standard that aids administration and business planning.

[1].                         Richi Jennings, CCPA, California’s GDPR, confuses and confounds, TechBeacon (Jan. 2, 2020), https://techbeacon.com/security/ccpa-californias-gdpr-confuses-confounds.

[2].                         See Sara Morrison, California’s new privacy law, explained, Vox (Dec. 30, 2019, 6:50 PM), https://www.vox.com/recode/2019/12/30/21030754/ccpa-2020-california-privacy-law-rights-explained.

[3].                         See Jennings, supra note 8.