Three Takes on California Consumer Privacy Act

Munger, Tolles & Olson partner Grant A. Davis-Denny recently authored three articles for Law360 addressing different elements of the new California Consumer Privacy Act (CCPA) that companies doing business in California must consider before the law goes into effect on Jan. 1, 2020.

One month after Europe’s General Data Protection Regulation (GDPR) went into effect, California introduced the CCPA – “the most aggressive privacy law in the United States,” according to Mr. Davis-Denny. In his Aug. 1, 2018 article titled “California’s Consumer Privacy Act vs. GDPR,” Mr. Davis-Denny writes that, although the CCPA is often described as a GDPR-like law, there are in fact significant differences between the two. Explaining that companies will need to make separate allowances to be in compliance with both regulations, Mr. Davis-Denny outlines where the privacy laws share commonalities and where they diverge.

In his Sept. 5, 2018 article titled “Confusion in California Privacy Act’s Anti-Discrimination Rule,” Mr. Davis-Denny explores a provision of the regulation that states that businesses cannot discriminate against consumers who choose to exercise their CCPA rights. The CCPA includes two exceptions to the provision, Mr. Davis-Denny explains, but there is a risk that the law will lead to confusion over the scope of this anti-discrimination provision and its exceptions.  

Mr. Davis-Denny and fellow attorneys Najee K. Thornton and Nefi D. Acosta published an article on Sept. 25, 2018 titled “What Corporate Attorneys Should Know About the California Privacy Act.” In the article, the authors discuss how the CCPA treats related entities, potential M&A implications of the new law and how the risk of being held liable for a vendors’ CCPA violations can be mitigated.

Mr. Davis-Denny is a litigator who counsels companies in the areas of data security, privacy and antitrust. His data security and privacy practice includes proactive compliance advice, incident response and litigation. Mr. Davis-Denny holds a CIPP/US (Certified Information Privacy Professional) certification from the International Association of Privacy Professionals.

Mr. Acosta is a litigator. He is a Certified Information Privacy Professional in U.S. and European regulations (CIPP/US & CIPP/E).

Mr. Thornton is a corporate attorney. His practice includes advising companies on M&A transactions.