/ California Consumer Privacy Act (CCPA) and their effects in Chile

27 January, 2019

Data Privacy and its regulation continue to be on the news. In June 2018, and as an unprecedented event in the United States of America, California issued the first regulation of the country that fully regulates data privacy, with similar standards to those contemplated in the European GDPR. We refer to California Consumer Privacy Act (CCPA).

This regulation established its entry into force on January 1st, 2020. However, it establishes a 12-month “look back” period, which means that companies subject to the jurisdiction of California must register personal data collected in the period of 12 months before the entry into force, that is, from January 1st , 2019.

In this sense, companies will have to identify the personal data previously collected, it´s nature, identify the purpose of the processing, the data transferred and sold, among other aspects, which will force to update these records. Considering that the largest technology providers have their hub or development center and analytics in Silicon Valley, Palo Alto and other areas of the state of California, and that many of them provide services to Chilean companies, and if you considered that GDPR did not apply to your business (in spite of its extraterritoriality, specifically contemplated in the Third Article of said regulation) or that you would wait for the entry into force in Chile of the new Personal Data Protection Act in order to adapt the data processing. Now there is a new legal ground to begin today your assessment of the scope and nature of the data processing of your business, especially if today you work with data processors from the European Community and, as of this year, also from California.