The California Online Privacy Protection Act (CalOPPA) is a state statutory law that establishes the data privacy notice and transparency standards for the collection of the personally identifiable information of California consumers.
CalOPPA applies to operators of a commercial website or online service that collects personally identifiable information through the internet about individual consumers residing in California.
The term “personally identifiable information” (PII) is defined as individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form. An operator may be any person or entity that owns a website or online service that is operated for commercial purposes.
Operators must satisfy three general requirements:
Enforcement & Liability
An operator in violation of this statute must be notified of noncompliance by the California Attorney General. The operator then has 30 days to attain compliance. If compliance is achieved, the operator then has an affirmative defense available. Further, a violation must be negligent and material or knowingly and willfully. Injunctive relief may be available to
The California Attorney General enforcing the statute may seek civil fines under Bus. & Prof. Code § 17200, because violation of Cal-OPPA constitutes an unlawful business practice under the California Unfair Competition Law (UCL).