Is GDPR Legislation Coming to U.S. Hotels?
July 10, 2018 12:23pm
By Jim Butler and the Global Hospitality Group®
10 July 2018
Privacy legislation is dominating the news cycle these days–and it’s unlikely to slow down. Now, as U.S. companies are adjusting to the requirements of the European Union’s General Data Protection Regulation, the State of California has introduced new laws that will apply to California companies or companies doing business in California. Senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group Bob Braun discusses the implications of the new legislation and how it will impact hotels, below.
California Adopts the California Consumer Privacy Act of 2018
On June 28, 2018, just more than a month after the EU’s General Data Protection Regulation (GDPR) went into effect, imposing broad obligations and restrictions on any entity collecting personal information of EU citizens and residents, the California legislature has passed AB 375, and the governor has signed, the California Consumer Privacy Act of 2018, providing many of the same protections and sure to upend privacy regulation in the United States. The Act was passed by the State Assembly and signed into law by Governor Jerry Brown on June 28, 2018.
Hotel companies have been grappling with the impact of the GDPR on their operations, and analyzing whether they need to adopt policies and procedures, appoint data privacy officers and register with a Data Privacy Agency as required under the GDPR. Since a privacy rule that impacts California effectively becomes a national standard, this new Act means that hotel companies will need to consider many of those issues, regardless of their foreign operations.
The Act goes into effect on January 1, 2020, and while it has broad implications that will become more apparent over time, there are some key initial takeaways.
While the Act does not go into effect for more than a year, it seems likely that it will be aggressively enforced. The Act gives the California Attorney General as the authority and responsibility to issue regulations and opinions and to enforce the Act – some believe that this will make the AG the equivalent of the “top cop” on privacy matters in the nation. Both the current and prior attorneys general have aggressively pursued data privacy enforcement, and we can expect more of the same.
These are only a few of the provisions of the Act, but it is clear that it has the potential of impacting companies throughout the nation. Just as California’s initial breach notification act, adopted in 2002, radically changed the privacy landscape, the California Consumer Privacy Act of 2018 is likely to have as important an impact.
The authors of the Act recognize that it will require additional clarifying regulation to implement, and the Act itself authorizes the Attorney General to issue opinions on the scope of the Act.
While the ink on the Act is still wet, it seems clear that the Act reflects many of the requirements of the EU’s General Data Protection Regulation, and complying with the GDPR will put companies at a competitive advantage against those who wait. JMBM’s Global Hospitality Group has worked with hotel companies to establish procedures and policies to achieve GDPR compliance, and are prepared to address compliance with California’s new law. For additional information, contact Bob Braun (firstname.lastname@example.org, 310.785.5331) or Mike Gold (email@example.com, 310.201.3529).
Bob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager.Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.
In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or firstname.lastname@example.org.
This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. Please contact us if you would like to discuss any issues or development that affect your hotel interests. We would like to see if our experience might help you create value or avoid unnecessary pitfalls. Who’s your hotel lawyer?
Tags: jim butler,
global hospitality group,
california consumer privacy act
Jim Butler is a founding partner of JMBM and JMBM’s Global Hospitality Group® which provides business and legal advice to hotel owners, developers and investors. This advice covers hotel purchase, sale, development, financing, franchise, management, labor & employment, litigation, ADA, IP, EB-5 matters and many other areas.
Jim is recognized as one of the top hotel lawyers in the world and has led the Global Hospitality Group® in more than $71 billion of hotel transactions and more than 3,800 hotel properties located around the globe.
Jim’s group has advised on more than 100 EB-5 projects, closed more than $1.5 billion of EB-5 financing, and sourced more than half of that for our clients.
Contact Jim at +1-310-201-3526 or JButler@jmbm.com
New "Accessibility" Regulations for Electric Vehicle Charging Stations
Luxury Resorts Appreciate Guest Privacy Enhancements Included in Version Update for Springer-Miller’s SMS|Host PMS
What Do Top Hotel Executives See on the Horizon for 2018?
SpaSoft Integrates New Security Enhancements to Latest Release
Beekeeper Achieves ISO Certification to Protect Hotels' Data
Clairvoyix Client Databases GDPR Ready Before Deadline
GDPR: What You Need to Know About the EU's New Data Privacy Rules
GDPR: Why Hoteliers Should Take the new EU Regulations Very Seriously
How to Deliver Personalized Guest Experiences in the Age of GDPR and Data Privacy Concerns
Hotel Lawyer Jeffrey T. Myers Joins JMBM’s Global Hospitality Group®
Proposition 65 Defense Lawyer: Is Your Hotel Ready for the New Prop 65 Regulation Deadline? / Jim Butler
The 2018 LIIC Top Ten: The Annual Survey of Lodging Investments Trends and Challenges
Now Available for Download: HEBS Digital’s GDPR Whitepaper
Texting Guests Is About to Be a HUGE Legal Liability That Can Cost a Hotel 4% of Its Annual Revenue
Top Concerns Hotels Need to Know About the GDPR and How to Prepare Your Action Plan
Who Will You See at Meet the Money?
GDPR in the EU and UK: AETHOS' 3 Steps for Complying with Employer Responsibilities
Agilysys Participates in HTNG Whitepaper on GDPR
Interview: Concilio Labs CEO Terri Miller Talks About the Impact of GDPR on Hotels and Their Guests
ALICE Shares Everything They Learned About GDPR Compliance
Please login or register to post a comment.