Draft CPRA Regulations Aim to Streamline Opt-Out Processes

Robinson+Cole Data Privacy + Security Insider
Contact

[author: Blair Robinson]*

On Friday of last week, the newly created California Privacy Protection Agency (CPPA) issued its first proposed regulations under the California Privacy Rights Act (CPRA).

The proposed rules have drawn criticism for requiring companies to treat browser-based “Do Not Track” signals as consumers asserting their opt-out rights. This rule came as a surprise to many observers because, as passed, the statute would have given companies the option to honor or ignore these signals. The draft would additionally require businesses to serve their disclosures in “eye-catching” colors, another area not explicitly prescribed by the CPRA statute.

Perhaps to balance the scales, the proposal also includes a new term of art, “disproportionate effort,” describing situations in which the burden of responding to a consumer request would “significantly outweigh” the consumer’s benefit. A business claiming this exception must give the consumer a detailed explanation that includes enough facts to provide a “meaningful understanding” as to why the business cannot honor the consumer’s request. This exception may also insulate companies from consumers who might abuse the request process. A business could likely claim “disproportionate effort,” for example, if a group of protestors coordinated to overwhelm it with requests.

It seems clear that the CPPA aims to make privacy-by-default the easiest option for California companies. Companies that collect and sell minimal personal information from consumers and respect “Do Not Track” signals will find it easy to comply with these proposed regulations. On the other hand, companies that wish to engage in data brokering would need to jump through significantly more regulatory hurdles.

The CPPA will likely address other key CPRA aspects, such as dark patterns, algorithmic decision making, and child privacy in future proposals. Click here to view the full proposal.

 

*non-lawyer intern

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide