105, you delete all such information. That, per Cal. Civ. Code section 1798.110, you disclose to me the categories of sources from which my personal information was collected and the categories of third parties with whom you share my personal information. That, per Cal.

For instance, if a business shares personal information with a third party, that can trigger certain disclosures that must be made to the consumer. See Cal. Civ. Code § 1798.110(a)(4). Likewise, third parties must provide notice to consumers before “selling” personal information they receive to others (as that word is broadly defined in the CCPA), as well as a mechanism by which consumers can exercise their newfound right to opt out.

14 One of the significant compliance challenges presented is the degree of specificity of PI that must be provided to a California resident when responding to a verifiable consumer request. See, Cal. Civ. Code § 1798.110(c)(5).

"3 As a result, on its face this exception would allow an employer to refuse to honor an access request that would interfere with the rights and freedoms of another California employee; it would not necessarily allow the company to refuse to honor an access request that would disclose information about an employee who was the resident of a different state or country.In comparison, the European GDPR contains a broader exception to rights of access that allows a controller to refuse an access request if honoring it would “adversely affect the rights and freedoms of others” – regardless of their nationality or residency.41. Cal. Civil Code 1798.110(a)(5), (b).2. Cal.

Civil Code 1798.100(a) Cal. Civil Code 1798.110(a)(1)-(5), (b) Cal. Civil Code 1798.

Civil Code 1798.100(b) (disclosure required at point of collection) Cal. Civil Code 1798.110(c) (contents of privacy notice) Recital 58 (discussion of transparency principal) Recital 60 (discussion of contents of privacy notice) Recital 61 (discussion of timing of privacy notice) Recital 62 (discussion of redundancy of information) Article 12 (prohibition on charging for privacy information) Article 13 (privacy notice requirements for direct collection of personal data) Article 14 (privacy notice requirements for indirect collection of personal data) [View source.]

Since there has been much discussion of the obligations under the EU’s GDPR already (see our earlier post here), this post summarizes some of the key similarities and differences between the two regulations.Similarities Between GDRP and CCPA Among the most noticeable similarities, the two regulations provide consumers with the right to obtain disclosure of the personal information a company has, as well as disclosure of the source of collection, the nature of the information collected, whether the information was disclosed, transferred or sold to third parties and the business purpose justifying the storage of data. Cal. Civ. C. §1798.110(a)(1) through (5); GDPR Art. 14 Sec.1 (b) through (c) and Art. 13 Sec.1(c). The GDPR further provides that a business must disclose the period during which the information is stored.

CIV. CODE § 1798.140(y) and subject to “regulations adopted by the Attorney General.” See FAQ 9. [36] CAL. CIV. CODE §§ 1798.110, 130(a)(3)(B). [37] CAL. CIV. CODE § 1798.100(a)(1), 110(a)(5).