DataGuidance confirmed, on 28 June 2018, with Robert Blamires, Counsel at White & Case LLP, that the California Governor, Jerry Brown, had signed and enacted into law The California Consumer Privacy Act of 2018 (AB 375) ('the Act') on 28 June 2018, after it was passed unanimously by both houses of the California State Legislature.

Blamires highlighted, "The Act will not become effective until January 2020, giving businesses 18 months to establish compliance protocols. The implications of the Act are significant. It will apply to legal entities that operate for-profit, do business in California, collect California consumers' personal information, and have annual gross revenue of more than $25 million, sell the personal information of 100,000 or more consumers or devices, or derive 50 percent or more of their annual revenue from selling consumer information. Under the Act, businesses will be required, among other things, to disclose what categories of personal information they collect from California consumers and to whom they sell or disclose that personal information. Businesses will also be under an obligation to give California consumers the option to opt out of having their personal information sold to third parties."

Blamires also confirmed, "Alastair MacTaggart, the main supporter of a separate ballot initiative, also known as the California Consumer Privacy Act of 2018, which was more stringent than the Act, pulled his initiative from the November general election ballot. Businesses have avoided more significant obligations that would have been enacted if MacTaggart's ballot initiative had passed in November. The ballot initiative would have enacted all the same requirements as the Act, but would have provided for larger civil penalties for private litigants and prohibited any discrimination by businesses based on whether a consumer opted out of having their information sold to third parties."

You can read the Act here and its history here.