Get Ready for Another Round of Privacy Policy Updates
/The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The CCPA is the first comprehensive state-wide attempt to protect individual data privacy rights. The CCPA is designed to protect the rights of California citizens: to know what information is collected about them by online platforms, to object to such collection (opt out), and to request information be deleted. For ag tech platforms that mostly serve farmers outside of California (but perhaps have a few users inside California) the threshold question is does my company have to comply with the CCPA? This post answers that question.
The CCPA is extraterritorial in scope—meaning it intends to apply even if a company has no physical presence in California. However, there are limits to the act’s reach. The CCPA applies to “for profit businesses that collect and control California residents’ personal information, do business in the State of California, and (a) have annual gross revenues in excess of $25 million; or (b) receive or disclose the personal information of 50,000 or more California resident, households, or devices on an annual basis; or (c) derive 50% or more of their annual revenues from selling California residents’ personal information.”
Note that one of the thresholds is 50,000 devices in California. This means that many ag tech sensor providing companies will have to comply, even though they only have a few California customers, if they have 50,000 device sales in California.
A protected consumer can sue an ag tech provider that fails to comply with the CCPA (but should have), seeking damages between $100 and $750 per incident, or actual damages if those are greater.
The CCPA does not directly address ag data privacy, only matters related to personal information. That means projects like the Ag Data Transparent certification, which focus on only ag data, remain relevant in an era of increased scrutiny on how companies collect personal information. Still, every ag tech provider should determine whether it needs to comply with the CCPA.
———
Read the CCPA here: California Consumer Privacy Act
Todd Janzen is not licensed in the State of California. You should consult an attorney to determine whether you need to comply with the CCPA.