On October 11, 2019, the Office of the California Attorney General proposed regulations to implement the CCPA.  Far from clarifying or interpreting the Act, the Proposed Regulations largely added to the compliance requirements (and burdens) imposed upon companies.  While the proposals will likely not be finalized until next year, companies are trying to anticipate how they would comply with the new requirements. 

One of the new requirements that the Proposed Regulations would impose relates to the accessibility of the disclosures required under the CCPA.  Specifically, the Proposed Regulations would require that the following be “accessible to consumer with disabilities:”

• Notices at the point of collection.¹
• Notices concerning the right to opt-out of the sale of information (e.g., “Do Not Sell My Personal Information” links).²
• Notices of financial incentives (e.g., explanations as to any value provided by a consumer that is reasonably related to a price or service discrimination caused by the exercise by a consumer of a CCPA-conferred privacy right).³
• Privacy policies.⁴

In each case, the Proposed Regulations would also require that a business “[a]t a minimum, provide information on how a consumer with a disability may access the policy in an alternative format.”[5]

The requirement that privacy-related notices should be accessible to consumers with disabilities echoes the position taken by some courts concerning the impact of the Americans with Disabilities Act (“ADA”) and its regulations on internet websites.  Steps taken by businesses to mitigate potential risk under the ADA are in line with those that businesses would likely take to comply with the Proposed Regulations, if finalized.  These include the following:

1. Online privacy notices would ideally use industry-standard technologies such as HTML, JavaScript and Java or other code generally accessible to audio-readers.
2. Online privacy notices that utilize PDF attachments, or are displayed within a PDF, could include character recognition. 
3. Online privacy notices could specify document language in the HTML to enable people who use screen readers to calibrate their speech synthesizer.
4. Online privacy notices could utilize document structure tags such as headings, paragraphs, sections, tables and other page elements.
5. Businesses could utilize alternative text for non-text elements (e.g., do not sell buttons).

For more information and resources about the CCPA visit http://www.CCPA-info.com. 

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. Proposed Regulation 99.305(a)(2)(d).

2. Proposed Regulation 99.306(a)(2).

3. Proposed Regulation 99.307(2)(d).

4. Proposed Regulation 99.308(2)(d).

5. Proposed Regulation 99.308(2)(d).

[View source.]