New CCPA Developments – Technology

United States:

New CCPA Developments

To print this article, all you need is to be registered or login on

The California Attorney General’s Office has finalized additional regulations implementing
the California Consumer Privacy Act of 2018 (the CCPA). The new
regulations, found here, are the most recent in a series of
regulations that build on the rules last adopted in August 2020.
The new regulations have a number of developments that companies
doing business in California need to consider:

  • Do Not Sell Button.
    The regulations introduce, but do not require, the use of a blue
    opt-out icon designed by Carnegie Mellon University’s Cylab and
    the University of Michigan’s School of Information. While
    earlier versions of the regulations discussed placement of the
    icon, the only mandates that remain are that the icon is the same
    size as others on the web page. Businesses can download the icon here. Importantly, the icon may be used in
    addition to, but not in place of, the existing do not sell

  • Ongoing Enforcement.
    While the Attorney General has not been active in bringing
    enforcement actions for violations of the CCPA, the Attorney
    General’s office has actively issued notices to cure
    violations. The press release accompanying the new regulation
    notes that there has been “widespread compliance . especially
    in response to notices to cure.” Last year, Supervising Deputy
    AG Stacey Schesser told the IAPP, the International Association of
    Privacy Professionals, that enforcement targeted online businesses
    that were missing key privacy disclosures or “Do Not
    Sell” links, and came in response to consumer complaints,
    including on social media.

    The future of enforcement will depend on a number of factors,
    including the impact of the newly formed California Privacy
    Protection Agency and the Governor’s nomination of Rob Bonta as
    Attorney General to succeed Xavier Becerra, who was recently
    confirmed as U.S. Secretary of Health and Human Services.

  • Offline Notices. The
    new regulations also address personal information that is collected
    offline. Businesses that sell information they collect offline now
    need to provide and inform consumers of an offline method to submit
    opt-out requests, and provide instructions on how to do so. The
    regulations suggest paper forms where the initial information is
    captured, signage, or via phone.

  • Clearly Identifying the
    Opt-Out Option
    . Under the new regulations, businesses must
    make opt out requests “easy for consumers to execute” and
    with minimal steps – no more than necessary to provide the personal
    information. The regulations also prohibit “dark
    patterns” or other visual tricks to minimize or hide the
    method by which consumers can opt-out of having their information
    sold or shared. The regulations list examples of subterfuge that
    businesses should avoid, including confusing language; requiring
    the consumer to read, listen to, or click through reasons they
    shouldn’t opt out; and requiring consumers to read or scroll
    through privacy policies or other notices after selecting the
    “Do Not Sell My Personal Information” option.

  • Authorized Agents.
    The regulations now state that a business may require an authorized
    agent to provide proof that a consumer gave the agent signed
    permission to submit the request. In prior regulations, that was

  • CPRA Appointees. In
    related news, the Governor, Attorney General, Senate
    President pro tem and Assembly Speaker announced appointees to the
    five-person CPRA board. They are Berkeley Law Professor Jennifer
    Urban; former Southern California Edison executive John Christopher
    Thompson; former Chief Assistant Attorney General of the Public
    Rights Division Angela Sierra, who oversaw the Consumer Protection
    Section’s Privacy Unit; Santa Clara Law Professor Lydia de la
    Torre; and Vinhcent Le, Technology Equity attorney at the
    Greenlining Institute.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from United States

FinTech Comparative Guide

J. Sagar Associates

FinTech Comparative Guide for the jurisdiction of India, check out our comparative guides section to compare across multiple countries

NFTs: But Is It Art (Or A Security)?

Latham & Watkins LLP

As the current crypto boom has progressed, it seemed Decentralized Finance (DeFi) had cemented its position as the dominant new narrative of this cycle.


See also  It's time for IT Ops and security tools to finally converge

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.