If a consumer sends a request for deletion or a request for access via Twitter or other social media, does a business have to respond?

Christian Auty
BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

Yes, if currently pending regulations are made final.

As an initial matter, the statutory text of the CCPA is somewhat unclear regarding a business’s obligations when it receives a request for access or a request for deletion in a non-standard format. The statute provides only that a business must “[m]ake available to consumers two or more designated methods for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115, including, at a minimum, a toll-free telephone number, and if the business maintains an Internet Web site, a Web site address.”1

Taken alone, the provision states that businesses may direct consumers to a finite number of “designated methods,” with the implication that requests submitted through non-designated methods are invalid and may be ignored.  The proposed regulations, however, state the opposite—specifically, the regulations require that when a consumer submits a request through a non-standard method, the business must either “[t]reat the request as if it had been submitted in accordance with the business’s designated manner, or . . .  [p]rovide the consumer with specific directions on how to submit the request or remedy any deficiencies with the request, if applicable.”2

Thus, in the case of a request submitted by Twitter, at a minimum the business would be required to provide the consumer who authored the tweet with information about how to submit a valid request.  It is also unclear as to the time period by which a business must respond to a non-standard request, since it is unclear whether a non-standard request, such as a Twitter request, meets the definition of a “request to know” or a “request to delete” under the regulations.3

For more information and resources about the CCPA visit http://www.CCPA-info.com. 

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA, Section 1798.130(a)(1).

2. Proposed Regulation, 999.312(f).

3. Proposed Regulation 999.301(n)-(o).

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising

Written by:

BCLP
BCLP
Contact
more
less

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide