University of Cincinnati Law Review


In 2018, following both the repeal of federal privacy regulations and the passage of Europe’s Global Data Protection Regulation, better known as GDPR, California enacted the California Consumer Privacy Act. The Act, or CCPA, is a large step forward in U.S. privacy regime, particularly because many of the largest technology companies in the world are at home in the Golden State. Following its passage, however, many have suggested that the CCPA may in fact violate the Commerce Clause, and specifically the Inverse or Dormant Commerce Clause, because of its outsized economic impact. No academic literature has yet fleshed out this claim, however. This article seeks to do just that. The article begins by reviewing the science and principles underlying targeted ads and the data shared to advertisers that give rise to the privacy concerns animating the CCPA. In Section II, the article reviews the CCPA, including the events leading up to its passage, the law’s text, its comparison to GDPR, and its initial critical reception. Finally, in Section III, the article lays out the Dormant Commerce Clause’s jurisprudence—including the various standards and tests under which state statutes are analyzed to determine whether they violate the clause—and applies the CCPA to the Clause, arriving at the conclusion that the Act should survive any Commerce Clause challenge.