April 28, 2020

Nefi Acosta on IP Addresses and the California Consumer Privacy Act

As companies parse out the relevance of the Consumer Privacy Act (CCPA), Nefi Acosta asks “Are IP Addresses ‘Personal Information’ Under the CCPA?” in the International Association of Privacy Professionals’ expert series known as The Privacy Advisor on April 28, 2020.

Munger, Tolles & Olson attorney Nefi Acosta outlines how companies will need to decide whether the internet protocol (IP) addresses they collect from consumers are considered “personal information” and thus within the scope of this new law. In short, Mr. Acosta explains, this is no simple task.

For many businesses, the collection of data such as IP addresses provides multiple benefits from advertising to deterring malicious activity. Mr. Acosta delves into the CCPA’s proposed regulations and how its nuances pose a challenge for companies attempting to strike a balance between growing their business and adhering to privacy obligations. Because if IP addresses can be linked to individuals under the CCPA, then businesses may find themselves subject to additional obligations under the statute and forced to rethink how they handle IP addresses as part of their online presence.

Drawing global comparisons, Mr. Acosta references the European Union’s recent General Data Protection Regulation (GDPR) to examine the need for companies to closely assess their use of IP addresses.

Nefi Acosta is an associate in the Los Angeles office of Munger, Tolles & Olson. He has experience advising public and private companies on compliance with data privacy and security regulations. He also has experience litigating in federal and state court, including writing dispositive motions, taking depositions and managing all aspects of discovery.