There seems to be a rise in fearmongering about the next big potential privacy legislation on the horizon after GDPR – the California Consumer Privacy Act of 2018. Consultants, bloggers, and, sadly, some well-respected law firms, have hyped the initiative as “very similar to the GDPR,” and a “sweeping, GDPR-like privacy regime.”
However,California Consumer Privacy Act of 2018 is not like GDPR. The Act is not an “act” at all – it is an initiative that may appear on the ballot in California during the November elections. And while the ballot initiative proposes some interesting, and arguably misguided, privacy requirements, few of those requirements have any analog within the GDPR. Furthermore equating the California initiative to the GDPR masks its real aim, purpose, and danger.