The Georgia General Assembly has introduced the Georgia Computer Data Privacy Act (GCDPA), an omnibus privacy statute modeled after California’s Consumer Privacy Act (CCPA). The GCDPA is stricter in a number of ways. Its top 10 issues include 1. Consumer consent is needed to collect data, 2. GCDPA seems to encourage privacy class action, 3. GCDPA adopts CCPA’s “sales” definition, 4. Opt-in required to “sell” data, 5. “We Sell Data,” notices required, with more detail than in California, 6. Not just a right of Deletion, but an additional “Right to Be Forgotten, 7. Corporate research can only be done with anonymized data, 8. Anonymous data cannot be reidentified without “the consumer’s consent or authorization, 9. No carve-outs for B2B data or employee data and 10. Georgia AG does not have exclusive enforcement authority.
