California passed the most comprehensive privacy law in the U.S. on June 28, 2018, with a compliance date of January 1, 2020. For mobile health app developers, that date may seem far away, but the California law will require significant and challenging operational changes. It is unclear whether the law will apply to protected health information of mobile health app developers who are business associates under HIPAA. But for more consumer-focused apps that fall outside of HIPAA, the California law will certainly require significant changes, ranging from updating privacy policies to implementing a consumer right of erasure. The law will affect most businesses that do business in California and have information about California residents, even if the business is located outside of California.