California Data Privacy Roundup

Travis Brennan
Stradling Yocca Carlson & Rauth
Contact
LinkedIn
Facebook
X
Send
Embed

Stradling Yocca Carlson & Rauth

1. The California Privacy Rights Act (CPRA) is nearly upon us, but that’s not all:

- 1/1/2023: California Consumer Privacy Act’s (CCPA) mandatory right to cure expires; CPRA takes effect; the Virginia Consumer Data Protection Act takes effect
- 7/1/2023: CPRA becomes enforceable; the Colorado Privacy Act takes effect; the Connecticut Data Privacy Act takes effect
- 12/31/2023: The Utah Consumer Privacy Act takes effect

2. The new California Privacy Protection Agency (CPPA) was supposed to publish implementing regulations last July. That didn’t happen, but we’re finally getting close to having a first round of regulations. The CPPA recently made changes to its draft regulations, and the CPPA board held meetings on October 28 and 29 to consider modifying and adopting them. The Board authorized Agency staff to prepare and provide notice of additional changes to the draft, and public comments on the latest version of the draft must be submitted by November 21, 2022.

3. The CCPA recently gained admission into the Global Privacy Assembly. In yet another sign that California sets the benchmark for U.S. consumer privacy protection, the CPPA joined the U.S. Federal Trade Commission (FTC) as the second voting member of the Assembly from the United States. The Assembly is a global forum of over 130 data protection and privacy authorities whose goal is to advance privacy by enabling cooperation among privacy authorities across the world. 

4. The FTC recently took action against Drizly and its CEO for security failures. The FTC alleged that Drizly failed to implement basic security measures (while publicly claiming that it had appropriate protections in place), exposing the data of 2.5 million consumers. Without admitting or denying the allegations, Drizly has agreed to a consent order that includes detailed requirements for implementing a comprehensive information security program. The order’s emphasis on the need for data minimization is notable.  

5. The Global Privacy Control is a new technical specification for transmitting universal opt-out signals at the browser level. California’s Attorney General insists that businesses must treat a GPC signal as a “Do Not Sell Or Share My Personal Information” request under the CCPA.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Stradling Yocca Carlson & Rauth | Attorney Advertising

Written by:

Stradling Yocca Carlson & Rauth
Stradling Yocca Carlson & Rauth
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Stradling Yocca Carlson & Rauth on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide