California Regulators Win Their Appeal to Enforce the CCPA Revised Regulations as of July 1, 2023

Cathy Mulrow-Peattie, Jason Oliveri
Hinshaw & Culbertson - Privacy, Cyber & AI Decoded
Contact
LinkedIn
Facebook
X
Send
Embed

Hinshaw & Culbertson - Data & Cyber Law Decoded

For companies that slow-tracked their California compliance activities because of the tentative March 29, 2024 effective date due to the pending appeal on the regulation enforcement timeline, it is now time to prioritize compliance.

This is because late last Friday afternoon, California's Third District Court of Appeal sided with the California Privacy Protection Agency and California Attorney General Rob Bonta in the case of California Privacy Protection Agency (CPPA) v. Superior Court (California Chamber of Commerce) to allow the California regulators to enforce the revised CCPA regulations as of July 1, 2023. The decision overturned a lower court ruling that had stayed enforcement of the new and amended regulations by one year. The California Chamber of Commerce is considering its options for appeal. 

What Does This Mean for Businesses that Meet the Threshold Requirements of the California Law?

Here are the top three compliance activities for businesses to consider:

  1. Businesses should review their privacy notices for compliance with the new regulatory notice requirements. Document that your businesses have not materially changed how they are using personal information as stated in your privacy notices, and note that you are making the appropriate revised cross-contextual advertising disclosures and key enforcement issues for California regulators.
  2. The final regulations clarified that cross-contextual advertising included the "sharing" of personal information, not just the sale of personal information. So, businesses should review their data subject access rights to ensure they are providing a "Do Not Sell Or Share My Personal Information Link" or "Alternative Opt Out Link" for these activities to comply with the regulations.
  3. The final regulations set out clear contractual requirements for three categories of vendors: service providers, contractors, and third parties. Businesses, service providers, contractors, and third parties should consider revising their data processing agreements to satisfy these requirements.

As a reminder, both the California Privacy Protection Agency (CPPA) and the California Attorney General's Office can enforce these regulations. While there is no longer any right to cure regulatory violations in California, the CPPA can audit a business, service provider, contractor, or person to ensure compliance with any provision of the CCPA. 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hinshaw & Culbertson - Privacy, Cyber & AI Decoded | Attorney Advertising

Written by:

Hinshaw & Culbertson - Privacy, Cyber & AI Decoded
Hinshaw & Culbertson - Privacy, Cyber & AI Decoded
Contact
more
less

Hinshaw & Culbertson - Privacy, Cyber & AI Decoded on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide