© All rights reserved to Barnea Jaffa Lande Law offices

Together is powerful

New Comprehensive Privacy Protection Law Comes into Effect in California

California recently passed a sweeping consumer privacy law that significantly increases the protection provided to people whose personal information is being collected. The legislation also imposes various rules and obligations on businesses and companies that make use of such information. This law will apply to anyone collecting and making use of the personal information of residents of California, and thus may also apply to Israeli companies doing business in California, which is considered one of the world’s five leading economies.

 

This latest development clearly demonstrates that businesses and companies that collect and/or make use of personal data must regroup in terms of the way they do so, regardless of the location from which they operate and regardless of the markets they are targeting. In May 2018, the European Union General Data Protection Regulation (GDPR) came into effect. The GDPR applies to anyone with an establishment in the EU, to anyone offering goods or services to people in the EU, and/or to anyone monitoring the behavior of natural persons in the EU. Regardless of whether or not the GDPR applies to a particular business or company (and some companies significantly revamped their business models in order to avoid being subject to these regulations), this new strict data protection regime in California shows us that the revolution in privacy protection is not limited to Europe. European regulations are clearly paving the way for non-European legislators and regulators, since these regulations are considered the current pinnacle in terms of the efforts to implement stringent personal data protection. Countries outside of the European Union are now striving to reach this pinnacle.

 

Therefore, it would be wise for businesses and companies that make use of personal data to well consider ensuring that their operations are consistent with the principles of the GDPR already today, in order to avoid the negative repercussions on their businesses when this and other new privacy protection laws and regulations come into effect.