CCPA Update: Third Time is the Charm

Arent Fox
Contact

Arent Fox

The California Consumer Privacy Act (CCPA) is the landmark privacy law in the US that formally went into effect this year and provides California residents with various rights regarding the collection, use, and sharing of their personal information.
 

While enforcement of the CCPA began August 14, 2020, the Office of the Attorney General has now proposed a third set of modifications to the CCPA Regulations. They are further described below.

What are the proposed changes?

There are three primary updates to the regulations in the areas of (1) offline opt-outs; (2) rules surrounding opt-outs; and (3) steps for verifying the identity of individuals exercising their rights. Outside of these updates, the major rights and requirements from the previous Regulations remain in place. The modifications are organized in the sequence they appear in the Regulations.

Offline Opt-Outs. The updated Regulations provide examples of how businesses can provide the notice of the right to opt-out of the sale of personal information in offline settings. These methods include:

  • Brick-and-mortar: notice can be provided by printing the notice on paper forms that collect the personal information or by posting signs with information about where the notice can be found online in the area where personal information is collected.
  • Phone: a business may provide the notice orally during the call when information is collected.

Opt-Out Submission Guidance. The proposed modifications provide further guidance on the methods businesses can provide for individuals to submit requests to opt-out.

  • Easy to exercise: the proposed modifications emphasize that requests to opt-out must be easy and require minimal steps for individuals to exercise. For example, the number of steps to opt-out must not be more than the number of steps to opt-in after having previously opted out.
  • Clear language: opt-out language should be clear and should not be phrased in a confusing manner. Double-negatives should be avoided.
  • No superfluous steps: businesses must not require individuals to click through or listen to reasons why they should not submit a request to opt-out.
  • Opt-out link: the “Do Not Sell My Personal Information” link should not lead to a page where the individual must search or scroll through the privacy policy or other document to locate the mechanisms to submit the request to opt-out.

Authorized Agent. The proposed modifications clarify the requirements surrounding the proof that a business may require an authorized agent to provide, as well as what the business may require a consumer to do to verify their request.

  • Signed permission: businesses may ask authorized agents to provide proof of signed permission to submit the request.
  • Verify identity directly: the business may also require the individual on whose behalf the authorized agent submits a request, to verify their own identity directly with the business or directly confirm with the business that they provided the authorized agent with permission.

What to Do?

If your CCPA procedures have been crafted with consideration of the current Regulations, you may consider whether you will need to revise them to incorporate the clarifications from these proposed changes.

The Attorney General will accept comments on this third set of modifications. The deadline to submit written comments is fast approaching on October 28, 2020, at 5 p.m. PST. If considering a comment for submission, please review the “Tips for Submitting Effective Comments” by the Department of Justice, available here.

Written comments may be submitted by email to PrivacyRegulations@doj.ca.gov, or by mail at the address listed below.

Lisa B. Kim, Privacy Regulations Coordinator
California Office of the Attorney General
300 South Spring Street, First Floor
Los Angeles, CA 90013

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Arent Fox | Attorney Advertising

Written by:

Arent Fox
Contact
more
less

Arent Fox on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.