Efforts to regulate cross-device tracking have increased since we last addressed the topic in 2017, following the release of the FTC’s Staff Report. Significant developments include the implementation and enforcement of the EU’s General Data Protection Regulations (GDPR), and the fast-approaching implementation deadline for the California Consumer Privacy Act (CCPA). These regulations, while not targeting cross-device tracking specifically, seek to limit the way in which consumer data is tracked and sold.
For any company that has tackled GDPR compliance, the new privacy rights introduced by the California Consumer Privacy Act of 2018 (CCPA) will seem pretty familiar. It might even be tempting to assume that by being GDPR compliant, one is already most of the way there in terms of preparing for the CCPA. In “Countdown to CCPA #2: GDPR Compliance Does Not Equal CCPA Compliance,” colleagues Catherine D. Meyer, Steven Farmer, Fusae Nara and Rafi Azim-Khan explain how, similarities aside, there are significant differences between the two privacy laws.
Protecting consumer data privacy in the age of artificial intelligence and increased digital commerce is a growing concern. In June 2018, the California Consumer Privacy Act (CCPA) introduced provisions to protect consumers and became the first U.S. law that can be viewed as a response to GDPR. Going into effect on January 1, 2020, legislation of this scope has far-reaching tendrils that may breed unintentional consequences.