The Georgia Senate recently introduced an omnibus privacy bill modeled after (but significantly broader than) California’s Consumer Privacy Act (“CCPA”), titled the Georgia Computer Data Privacy Act (“GCDPA”). The introduction of the GCDPA is surprising in a number of ways, including its sponsorship by Republican leadership. It is also notable in the burdens it seeks to impose on businesses, surpassing even those in the CCPA and other recently enacted state privacy laws. However, given that the leadership of the controlling party in the Georgia legislature supports it, it is likely to pass, though perhaps not in its current form.
Some of the most notable provisions of the GCDPA include:
- Consumer consent required for collection of personal information. The GCDPA prohibits businesses from collecting personal information unless they have provided a notice and obtained the consumer’s consent. This is more onerous than the CCPA, which generally permits businesses to collect personal information as long as they provide a sufficient notice at or before the point of collection.
- Consumers must…
California delays CPRA regulations
The California Privacy Protection Agency (CPPA) was supposed to finalize new pri…