On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. The settlement comes as no surprise to the privacy community – Facebook has been closely scrutinized by the public and regulators since the Cambridge Analytica data incident in March 2018 and indicated to investors earlier this year that it anticipated a fine from the FTC between $3 and $5 billion.
This afternoon, Governor Brown signed into law California Assembly Bill 375, the California Consumer Privacy Act of 2018. The law is unprecedented in the United States that it applies European-level compliance obligations akin to the now infamous General Data Protection Regulation (GDPR), which took effect only a month ago. How did this happen? California legislators rushed a bill through to avoid a ballot initiative proposed by Alastair Mactaggart. Mactaggart agreed to withdraw the initiative if a law was signed by the Governor by today. The law takes effect on January 1, 2020. (And if you think that’s a long time, then you did not just live through the last 18 months working on GDPR preparedness.) What does AB 375 mean for organizations doing business in California? It includes new disclosure requirements, consumer rights, training obligations, and potential penalties for noncompliance, among other things.
Below are some of the key provisions: