Is the California Consumer Privacy Act the next GDPR? Yes, so don’t worry
A friend in the local WordPress Slack channel cited a recent post on the tech site Ad Age and added “in case you haven’t heard – California’s new “Consumer Privacy Act” (‘GDPR’) law goes into effect January 2020. Clients should start taking their Privacy Policies more seriously. Fines of $750/privacy violation + AG can sue for $7,500 for each ‘intentional’ violation.”
Marketers and tech companies confront California’s version of GDPR
California passes digital privacy law similar to the GDPR and yes, every brand, agency and tech company under the sun will be impacted
Ad Age, Jun 29th, 2018
As I used to tell my children, take three deep breaths. No, every brand, agency, and tech company under the sun probably won’t be “impacted” by California’s Consumer Privacy Act.
Observation #1 from the GDPR thing: lawyers made it sound way scarier than it actually was. That’s not knocking lawyers, but their job is to ensure zero liability for clients even if it costs them infinite billable hours
Observation #2 from the GDPR thing: virtually nobody cares — to the best of my knowledge no one’s ever used GDPR to sue anyone except maybe Google and Facebook under GDPR, and those people were suing them anyway.
Observation #3 from the GDPR thing: In a timely manner WordPress developers added features for GDPR compliance (stating your policy, right to see what the site “knows” about you, right to remove that stuff) are common courtesy and good user hygiene anyway.)
Observation #4 about the new CCPA: Most of what you’re going to see will be written by lawyers, who’ll take the worst possible cases to heart. If it’s actually a big deal then a plugin and/or WordPress core will deal with it. Otherwise if a site is generally GDPR compliant it’ll be CCPA compliant too.
Observation #5 Unless you cough up a massive data breach that exposes sensitive user data (that you shouldn’t be storing on a WordPress site anyway) you’re probably going to be fine.
Bottom line this is another one of those chicken-little situations where as long as you’re doing the reasonable things to protect user privacy (and it’s not actually that hard to do) then complying with user privacy regulations isn’t that big a deal.