In a recent guest article for The Times, co-leader of Pillsbury's global Data Privacy practice Rafi Azim-Khan writes that global authorities are combatting privacy threats from big data, tracking and surveillance with a "growing tsunami of regulation," including the EU's General Data Protection Regulation and new laws in New York and California, that is designed to empower consumers against technology's overreaches.
Azim-Khan specifically covers the California Consumer Privacy Act (CCPA), which went into effect on January 1 and applies to UK companies (and many others) doing business in California, regardless of whether they have a physical presence in the state. The law's reach is in keeping with the "regulatory trend" of extra-territoriality, he writes.
Azim-Khan also cautions UK companies not to assume that complying with the game-changing GDPR means compliance with the CCPA.
"This is a dangerous fallacy," he warns. "Although cut from a similar cloth, there is a significant divergence: The CCPA catches fewer businesses but extends broader rights."
"The CCPA confers a host of new responsibilities, from imposing additional on-demand disclosure rights to requiring the updating of privacy policies annually," Azim-Khan concludes. Compliance with the GDPR is a start, but in a globalized marketplace, businesses need to be able to ride the entire regulatory wave."
Originally Published by; The Times
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.