Investigative sweeps have been fairly common of late, and it isn’t a surprise to see a focus on mobile apps. But, in addition to hitting mobile apps that did not offer a mechanism to opt out of the sale of personal information, the sweep also focused on mobile apps that could not process requests submitted through authorized agents—including those sent by the mobile app “Permission Slip.” Permission Slip is an app that files requests on users’ behalf, instructing companies to stop selling data. In some ways, Permission Slip is similar to the Global Privacy Control (GPC), which was the focus of the Attorney General’s Sephora action last fall.
The regulatory emphasis on user enabled mechanisms, whether through apps or browser extensions, adds another layer of complexity for businesses attempting to implement their CPRA compliance efforts. And, while the GPC had been publicly endorsed by the California Attorney General months before the Sephora action, Permission Slip is a relatively new and unknown app. It therefore raises the question of which apps and extensions businesses have to honor in order to stay in compliance with the CPRA and other privacy laws. With a likely flood of new products or services, it is no small issue.
[View source.]