by 
Before the CCPA’s birth, several significant data breaches and scandals shook the world. Incidents involving vast amounts of personal data misuse, such as the Cambridge Analytica scandal in 2016, acted as catalysts, pushing lawmakers and privacy advocates to reconsider and reinforce existing data protection mechanisms.
CCPA was an unexpected brainchild of Alastair Mactaggart, a real estate developer with no previous background in data privacy. Inspired by a casual conversation with a Google engineer, Mactaggart embarked on a mission to bolster consumer privacy rights. He personally funded and spearheaded a ballot initiative to give Californians more control over their personal information.
In 2017, Mactaggart and his team carefully crafted a privacy initiative for the November 2018 ballot. His motive was clear: to empower consumers with control over their personal information, allowing them to know what private data businesses collected and allowing them to prevent the sale of their data.
The ballot initiative started to gain traction, acquiring significant signatures and stirring conversations around consumer data privacy. Its momentum became a powerful driving force that prompted the state legislature to take notice.
Facing the possibility of the initiative becoming law through the ballot, which would make future amendments difficult, legislators and industry stakeholders sought a compromise. Assembly Bill 375, a more flexible version of Mactaggart’s initiative, was quickly introduced and passed by the California Legislature and signed into law by Governor Jerry Brown on June 28, 2018.
The CCPA as we know it today took effect on January 1, 2020, granting California consumers robust data privacy rights and protections. However, the California Attorney General’s official enforcement of the CCPA started on July 1, 2020.
The two key provisions of CCPA are that:
- Consumers receive rights such as access to personal information collected, deletion rights, and the right to opt out of selling their data.
- Businesses must disclose data collection and sharing practices to consumers, secure consumer data, and avoid selling children’s information without consent.
It is important to understand that CCPA has an extraterritorial scope, meaning it doesn’t only apply to businesses located in California but also affects entities globally that meet specific criteria related to Californian consumers.
Several US states (Virginia, Colorado, Washington, New York, Nevada, Maryland, Massachusetts, Oklahoma, and more) have looked at the CCPA as a model, developing their own consumer privacy laws inspired by California’s statute that are already in effect.
Along with GDPR, the CCPA has established a substantial global footprint, setting a precedent influencing data protection laws worldwide. All media buyers and publishers must be familiar with these regulations to ensure they don’t get fined, shut down, or prosecuted for unknowingly breaking them.
