Following the enactment of the European Union’s General Data Protection Regulation (“GDPR”), which went into effect on May 25, 2018, Google has now been fined heavily for violations of the law. On January 21, 2019, the Commission nationale de l’informatique et des libertés (“CNIL”), the French data privacy authority, fined Google €50 million (approximately U.S. $57 million) for violating the GDPR because it did not properly ask its users for consent to use their data to personalize advertising and because the company makes it too hard for users to find out how their personal information is used and how long that information is stored. This is the largest financial penalty for a privacy breach in Europe.
Following the enactment of the European Union’s General Data Protection Regulation (“GDPR”), which went into effect on May 25, 2018, California has signed the California Consumer Privacy Act of 2018 (CCPA) into law, which will become operative on January 1, 2020. While companies who are now GDPR compliant will be in a better position to become compliant for CCPA purposes, there are still steps that even GDRP-compliant companies will need to take to become CCPA compliant. The full text of the CCPA can be viewed here.