California Consumer Privacy Act

Subscribe to California Consumer Privacy Act

On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest privacy law stories in 2021 and beyond.

Last year we wrote a similar article, attempting to predict how the privacy landscape would unfold in 2020. We got some things right (e.g., the emergence of CCPA 2.0). But, let’s be honest, in March everything changed, including privacy law. As spring turned into summer our writing focused on the privacy law implications of COVID-19, including contact tracing, no contact temperature taking, and the unanticipated collection of heath information, among other unexpected topics. We also took note of developments overseas, including the Court of Justice of the European Union’s Schrems II decision and the emergence of Brazil’s federal privacy law, LGPD.

If there was one takeaway from 2020 from a privacy law perspective it was this – while it is impossible to predict its path, privacy law is rapidly growing and evolving, almost on a daily basis, and in nearly every corner of the world. With that, we turn to our 2021 predictions.

Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law (2021)

Keypoint: The California Attorney General’s office again introduces an opt-out button.

On December 10, 2020, the California Attorney General’s office published a fourth set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations. The deadline to submit comments to the proposed modifications is Monday, December 28, 2020.

The latest set of proposed modifications are revisions to the office’s third set of proposed modifications, published on October 12, 2020. The deadline to submit comments to the third set of modifications passed on October 28, 2020. For a discussion on the third set of modifications, see our prior blog post available here.

Continue Reading CCPA Update: AG’s Office Publishes Fourth Set of Proposed Changes to CCPA Regulations

Keypoint: The California Attorney General’s office once again published proposed modifications to its CCPA regulations. The modifications primarily focus on making changes to the provisions dealing with the right to opt out and authorized agent requests.

On October 12, 2020, the California Department of Justice published a third set of proposed modifications to its California Consumer Privacy Act (CCPA) regulations. The deadline to submit written comments is October 28, 2020.

The proposed modifications were published less than two months after the CCPA regulations went into effect on August 14, 2020. In general, the proposed changes focus on the provisions concerning the notice of the right to opt-out, requests to opt-out, and the use of authorized agents for making requests.

The proposed modifications are as follows:

Continue Reading CCPA Update: AG’s Office Publishes Another Set of Proposed Changes to CCPA Regulations

On August 30, 2020, the California legislature passed Assembly Bill 1281, which extends the CCPA’s business-to-business and employee exemptions by one year until January 1, 2022. The bill now moves to the California Governor’s office.
Continue Reading CCPA Update: Legislature Extends Business-to-Business and Employee Exemptions for One Year

Keypoint: Some additional changes to the CCPA regulations were made before they were filed with the Secretary of State and became effective.

As discussed in our prior post, on Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective.

Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below:

Continue Reading CCPA Update: Analyzing the Changes to the Final CCPA Regulations

On August 14, 2020, Attorney General Becerra announced that the California Office of Administrative Law (OAL) approved the final regulations related to the California Consumer Privacy Act (CCPA) an filed them with the Secretary of State. The regulations go into effect immediately.

The Attorney General’s office submitted the final proposed regulations to the OAL on June 1, 2020. As part of the final regulations package, the Attorney General requested an expedited review of 30 business days and that the regulations become effective upon filing with the Secretary of State. Although not satisfying the 30-day request, the OAL did complete its review in short order, particularly in light of two executive orders by California’s governor extending the OAL’s review period by an additional 120 days.

Continue Reading CCPA Final Regulations Approved and Effective Immediately

During a webinar last week hosted by the International Association of Privacy Professionals, a representative from the California Attorney General’s office confirmed that on July 1, the first date of the AG’s statutory enforcement authority, the office sent its first set of CCPA enforcement letters. Per the statute, businesses have 30 days to cure the violations before the AG’s office may commence a confidential investigation or initiate a lawsuit.
Continue Reading CCPA Update: AG’s Office Confirms CCPA Enforcement Has Begun

On June 24, 2020, the California Secretary of State announced that county election officials had validated enough signatures through the random signature validation process to make the California Privacy Rights Act of 2020 (a/k/a CCPA 2.0) eligible for the November 3, 2020 ballot. The final projected valid signatures based on the random sample validation process

In early June, the California Attorney General filed final CCPA regulations with the California Office of Administrative Law. The final regulations were accompanied by a 59-page Final Statement of Reasons along with six appendices containing over 500 pages of comments on the regulations and the Attorney General’s responses to those comments. One of the many topics that the Attorney General’s office discussed was the final regulation’s requirements for drafting privacy policies. Given that the drafting of a privacy policy is a necessary part of CCPA compliance, it is worth analyzing those comments.

Continue Reading Analyzing the California Attorney General’s Comments on Drafting Privacy Policies

Keypoint: If the California Privacy Rights Act is approved by voters in November, it would trigger a series of deadlines ultimately culminating in a January 1, 2023 effective date and July 1, 2023 enforcement date.

On May 4, 2020, privacy advocates reported that they were submitting over 900,000 signatures to qualify the California Privacy Rights Act (CPRA or CCPA.20) for the November election. Assuming the initiative passes the signature verification process, it would be on the November 3, 2020 ballot and become law if approved by a simple majority of California voters.

If the CPRA does pass in November, it will trigger a complicated timeline of staggered effective and enforcement dates and regulatory rulemaking deadlines.

Continue Reading CCPA 2.0: Analysis of the California Privacy Rights Act’s Implementation Timeline