This is such an interesting story as it takes a look at how there is a potential to use parts of the CCPA to obtain quasi-discovery in certain circumstances.

In fact, this is not dissimilar to some of the experiences we have had here in the UK at A&M, and, indeed elsewhere in Europe, with respect to the GDPR and subject access requests.

Certainly, the regulators have been pushing back on this. It’s clearly not the intention of the data privacy legislation being implemented in Europe and California, but as the author (David. A. Zetoony) sums up: “Ultimately California courts will have to determine whether access requests can be utilized as a means of bypassing traditional discovery procedures.”

If you want more on this theme, then I would suggest speaking with my colleague Robert Grosvenor.