What You need to Know About the California Consumer Privacy Act of 2018

In light of how personal information may be vulnerable to misuse when shared on the Internet, AB 375, the California Consumer Privacy Act of 2018, was signed into law on June 28, 2018, by California Governor Jerry Brown. The law is to take effect on January 1, 2020.  Although it can be amended until then, there are some key provisions companies in California will want to be aware of. 

1.     Companies subject to this provision are companies:

a.     Who have an annual gross revenue in excess of twenty-five million dollars ($25,000,000);

b.     Who alone or in combination, annually buy, receive, sell, or share for commercial purposes, the personal information of fifty thousand (50,000) or more consumers; and

c.     Who derive fifty percent (50%) or more of its annual revenues from selling consumers’ personal information.

2.     The bill grants consumers the right to request a business to disclose the following:

a.     The categories and specific pieces of personal information that it collects about the consumer;

b.     The categories of sources from which that information is collected;

c.     The business purposes for collecting or selling the information; and

d.     The categories of third parties with which the information is shared.

3.     The bill also grants a consumer the right to request deletion of personal information and requires the business to delete such information upon receipt of a verified request.

4.     A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, the personal information free of charge to the consumer. A business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a  twelve (12) month period.

5.     The law permits consumers to opt out of the sale of personal information by a business and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services. However, there is an exception “if the difference is reasonably related to value provided by the consumer’s data,” a consumer may not be able to opt out.

6.     Under this Act, companies are prohibited from the sale of personal data for individuals between the ages of thirteen (13) and sixteen (16) years old unless they specifically “opt in” by a parent or guardian who must provide consent.

7.     Under this Act, consumers will have the right to undertake civil actions against a service in the event of a data breach or exposure. Businesses may be subject to damages ranging from one hundred dollars ($100) to seven hundred and fifty dollars ($750) per consumer per incident, or may be based on actual damages, whichever is greater.

ASIC Starts to Crackdown on ICO's

The Australian Securities and Investment Commission (ASIC) released a statement May 1, 2018, informing companies that ASIC will take action against companies that sell digital or virtual tokens via initial coin offerings (ICOs) if their conduct or statements are misleading or deceptive. ASIC is currently issuing inquiries to ICO issuers and their advisors where ASIC identifies conduct or statements that are misleading or deceptive, especially in marketing material and White Papers. ASIC recommends that any company selling something to Australians, whether it is a financial product or a utility token, ensure they are in compliance with the Corporations Act 2001, and are properly licensed if necessary.

 Link to the May 1, 2018, Statement: https://www.asic.gov.au/about-asic/media-centre/find-a-media-release/2018-releases/18-122mr-asic-takes-action-on-misleading-or-deceptive-conduct-in-icos/

The Updated ASIC Information Sheet for ICO and Companies in the Cryptocurrency Space: http://www.asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings-and-crypto-currency/#financial

Legal Changes for ICO's in Pakistan

On April 6, 2018, the State Bank of Pakistan (SBP) advised that virtual currencies/coins/tokens are neither recognized as a legal tender, nor has SBP authorized or licensed any individual or entity for the issuance, sale, purchase, exchange, or investment in any virtual currency/coins/tokens in Pakistan. Further, banks, development finance institutions, microfinance banks, and payment system operators (PSOs)/payment service providers (PSPs) have been advised not to facilitate their customers/account holders to transact in virtual currencies or initial coin offerings (ICOs). Domestic and international payment and money transfer services in Pakistan are regulated by SBP under applicable laws. In this regard, no entity is currently licensed or authorized by SBP to offer money remittance services and products in Pakistan using virtual currencies/coins/tokens. Persons using virtual currencies/coins/tokens for the purpose of transferring value outside of Pakistan are subject to prosecution as per the applicable laws.

 Source: http://www.sbp.org.pk/press/2018/Pr-VC-06-Apr-18.pdf

Source: https://tribune.com.pk/story/1679446/2-pakistan-bans-cryptocurrencies/    

Gagnier Margossian LLP Partner Targeted by Perpetrator in Online Harassment Case

Gagnier Margossian LLP routinely provides legal representation of victims of online harassment, including all forms of cyber exploitation. Unfortunately, an occupational hazard of doing such work is that these perpetrators sometimes turn their tactics on our firm as counsel.

Recently, after successfully advocating for a client who has been maliciously harassed for nearly two years, the perpetrator has decided to turn her attention to one of our partners, Christina Gagnier. The firm has discovered at least one post that is, in the most generous of descriptions,  patently defamatory, disgusting and outrageous.

Gagnier has served as a member of the Federal Communication Commission’s Consumer Advisory Committee and California Attorney General Kamala Harris’ Cyber-Exploitation Task Force. Christina has been a subject matter expert on Cyber Exploitation to California's Commission on Peace Officer Standards and Training (POST).

In addition to her practice, Gagnier is Adjunct Faculty at the University of California at Irvine School of Law, teaching privacy law and serving as clinical faculty for the Intellectual Property, Arts, and Technology Clinic, in which the Clinic creates resources for victims of online harassment. Christina further sits on the Board of Directors of Without My Consent, tackling issues like online harassment and revenge porn. She also recently worked on SB 157, which successfully passed in the California State Legislature.

Christina was also recently published in the most recent edition of Domestic Violence Report with her article “Cyber Exploitation and the Perpetration of Digital Abuse.” The irony does not escape this firm that Christina now finds herself a victim of the behavior she routinely fights against.

The team at GAMALLP wants to make it clear that we will not succumb to harassment in any form.

Join GAMA - We're Hiring

We're Hiring...

Boutique technology litigation and tech transactions shop seeks Associate to join its team. Looking to add someone with a focus on corporate law, securities, and data privacy. Our firm, headquartered in San Francisco, California, splits its practice into a number of areas, including: emerging businesses, business law, data privacy and security, corporate securities and finance, cryptocurrency advisory services, litigation, intellectual property, taxation, international regulatory compliance and Internet law.

General Details:

  • Will evaluate all dynamic candidates, but looking for 3+ years of experience;
  • Must be able to work in a fast-paced, distributed environment and report to partners constantly on the go;
  • Must be able to delegate and effectively communicate with support staff; and
  • Litigation experience and/or securities law experience, particularly Regulation D, a plus.

Either private firm or government agency experience acceptable.

Bonus points for someone who may have also practiced U.S. privacy and data security law (federal and state). Experience with technology industries, issues lying at the intersection of government regulation and technology, or FTC policy and enforcement regarding privacy and data security issues is desirable. EU law experience, esp. GDPR familiarity, even more points.

Further bonus points for someone with experience as securities and finance counsel.

This opportunity is for an initial contract term position for the parties to figure out if it is the “right” fit. Salary commensurate with skill set and experience.

Location: SF, LA, OC, NYC, DC.

Please submit: Cover Letter (direct and well-written - why this sounds cool), Resume, Writing Sample(s), References (3), and any publicly available information relating to litigation or transactions the candidate may have worked on. 

Position on Oxford comma should also be made available. 

Please send materials to gamalaw@gamallp.com