California Consumer Privacy Act

Subscribe to California Consumer Privacy Act

Keypoint: The appointment of the five California Privacy Protection Agency board members is the first significant step to the California Privacy Rights Act becoming fully operative in 2023.

On March 17, California officials announced the establishment of the five-member inaugural board for the California Privacy Protection Agency (CPPA). The CPPA was established by the California Privacy Rights Act (CPRA), which California voters approved in the November election. The CPPA will take over rulemaking duties from the California Attorney General’s office and will administratively enforce the CPRA. Given that California has the world’s fifth largest economy, the CPPA has the potential to be one of the most important data privacy authorities in the world.


Continue Reading CPRA Update: Board Appointments Announced for California Privacy Protection Agency

Keypoint: Modifications to the CCPA regulation’s provisions regarding requests to opt-out and authorized agent requests are now final.

On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.


Continue Reading CCPA Update: New Regulations Approved

On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest privacy law stories in 2021 and beyond.

Last year we wrote a similar article, attempting to predict how the privacy landscape would unfold in 2020. We got some things right (e.g., the emergence of CCPA 2.0). But, let’s be honest, in March everything changed, including privacy law. As spring turned into summer our writing focused on the privacy law implications of COVID-19, including contact tracing, no contact temperature taking, and the unanticipated collection of heath information, among other unexpected topics. We also took note of developments overseas, including the Court of Justice of the European Union’s Schrems II decision and the emergence of Brazil’s federal privacy law, LGPD.

If there was one takeaway from 2020 from a privacy law perspective it was this – while it is impossible to predict its path, privacy law is rapidly growing and evolving, almost on a daily basis, and in nearly every corner of the world. With that, we turn to our 2021 predictions.


Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law (2021)

With state legislatures reconvening for 2021, numerous states already have seen California Consumer Privacy Act-like privacy legislation proposed, including Washington, New York, Minnesota, Virginia, Connecticut, Mississippi, and Oklahoma. Other states are expected to follow. Will this be the year another state (or states) joins California and enacts consumer privacy legislation?

Join Husch Blackwell Partner David

Keypoint: The California Attorney General’s office again introduces an opt-out button.

On December 10, 2020, the California Attorney General’s office published a fourth set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations. The deadline to submit comments to the proposed modifications is Monday, December 28, 2020.

The latest set of proposed modifications are revisions to the office’s third set of proposed modifications, published on October 12, 2020. The deadline to submit comments to the third set of modifications passed on October 28, 2020. For a discussion on the third set of modifications, see our prior blog post available here.


Continue Reading CCPA Update: AG’s Office Publishes Fourth Set of Proposed Changes to CCPA Regulations

Keypoint: The California Attorney General’s office once again published proposed modifications to its CCPA regulations. The modifications primarily focus on making changes to the provisions dealing with the right to opt out and authorized agent requests.

On October 12, 2020, the California Department of Justice published a third set of proposed modifications to its California Consumer Privacy Act (CCPA) regulations. The deadline to submit written comments is October 28, 2020.

The proposed modifications were published less than two months after the CCPA regulations went into effect on August 14, 2020. In general, the proposed changes focus on the provisions concerning the notice of the right to opt-out, requests to opt-out, and the use of authorized agents for making requests.

The proposed modifications are as follows:


Continue Reading CCPA Update: AG’s Office Publishes Another Set of Proposed Changes to CCPA Regulations

On August 30, 2020, the California legislature passed Assembly Bill 1281, which extends the CCPA’s business-to-business and employee exemptions by one year until January 1, 2022. The bill now moves to the California Governor’s office.
Continue Reading CCPA Update: Legislature Extends Business-to-Business and Employee Exemptions for One Year

Keypoint: Some additional changes to the CCPA regulations were made before they were filed with the Secretary of State and became effective.

As discussed in our prior post, on Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective.

Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below:


Continue Reading CCPA Update: Analyzing the Changes to the Final CCPA Regulations

On August 14, 2020, Attorney General Becerra announced that the California Office of Administrative Law (OAL) approved the final regulations related to the California Consumer Privacy Act (CCPA) an filed them with the Secretary of State. The regulations go into effect immediately.

The Attorney General’s office submitted the final proposed regulations to the OAL on June 1, 2020. As part of the final regulations package, the Attorney General requested an expedited review of 30 business days and that the regulations become effective upon filing with the Secretary of State. Although not satisfying the 30-day request, the OAL did complete its review in short order, particularly in light of two executive orders by California’s governor extending the OAL’s review period by an additional 120 days.


Continue Reading CCPA Final Regulations Approved and Effective Immediately

Over the past few months, there have been numerous developments in state, federal and international privacy law. On Wednesday, August 5, 2020, from 12:00 – 1:00 C.T. members of Husch Blackwell’s privacy and data security practice group will present a webinar providing an overview of the rapidly changing privacy law landscape.  Click here for more