The California Consumer Privacy Act ("CCPA") was enacted in early 2018 as a political compromise to stave off a poorly drafted, and plaintiff’s friendly ballot initiative.  Although the CCPA is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”).

To help address that confusion, BCLP published the California Consumer Privacy Act Practical Guide, and is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the CCPA.

Q. Did the CCPA create the right to be forgotten?

No.

While the CCPA expands the number of individuals that may request that their information be forgotten, and the number of companies that must honor such requests, there were, and continue to be, other laws – both in the United States and in Europe – that confer a right to be forgotten. 

In the United States, while the majority of privacy laws do not include a right to be forgotten, the Children’s Online Privacy Protection Act (“COPPA”) has an analogous provision.  COPPA regulates the online collection of information from children under the age of 13.  Pursuant to the rules implementing COPPA, parents have a right to review “or have deleted the child’s personal information.”¹

In Europe, a right to be forgotten has existed for over twenty years – first in Europe’s Privacy Directive which was adopted in 1995 and, more recently, in Europe’s GDPR. The following compares the right as presented under the GDPR and under the CCPA:

1. 16 C.F.R. § 312.4(d)(3).

2. GDPR, Article 17(1).

[View source.]