When a business collects personal information offline, can it satisfy the requirement to give a “notice at collection” by including a sign that directs consumers to the business’s online privacy notice?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

Yes.

The requirement to provide a notice at the point at which information is collected can be satisfied by providing a consumer with the business’s full privacy notice. 

The regulations implementing the CCPA make clear that the notice at collection (or the privacy notice, if it is being used to satisfy the notice at collection) does not have to be physically provided to a consumer; instead, a business must simply make it “readily available” in a location where consumers are likely to encounter it.1 The regulations further recognize that when information is collected offline, “prominent signage” that directs consumers to where a notice “can be found online” provides sufficient availability to satisfy the notice at collection requirement.2 While the sign might include the URL where the business’s’ privacy notice resides, the California Attorney General has suggested that other less explicit references to the privacy notice – such as providing a QR code that automatically directs most smartphones to the correct website – would also be sufficient.3

Permitting businesses to satisfy the obligation to provide a notice at the point of collection offline by referring to an online privacy notice recognizes that the majority of consumers have ready access to the internet through smartphones and, as a result, by providing a URL or QR code in a store or at a business’s physical location the business is making the information “available” to the consumer at that time and place. 

For more information and resources about the CCPA visit http://www.CCPA-info.com.

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA Reg. Section 305(a)(3).

2. CCPA Reg. Section 305(a)(3)(c).

3. FSOR at 8.

[View source.]

Written by:

BCLP
BCLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide