The CCPA grants to consumers “the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.”1 Nothing within the CCPA prohibits a business from collecting new or additional personal information about the same consumer in the future. Indeed, if a business attempted to treat a right to be forgotten request as a persistent instruction not to collect information, it would lead to absurd results.
First, a business would have no way of applying the consumer’s instruction unless the business kept a record of the consumer’s preference. Of course, such a record would, in and of itself, constitute personal information that the business failed to delete at the request of the consumer.
Second, if a business treated a right to be forgotten request as persistent, the business would most likely be preventing the consumer from utilizing the products or services of the business in the future, as to do so might entail future collections of personal information. Such an interpretation would not only be gratuitous, but it would violate the anti-discrimination prohibition within the CCPA under which a business is not permitted to “deny goods or services to the consumer” because “the consumer exercised” a right conferred by the Act.2
The net result is that a right to be forgotten request should be viewed as a request made at a specific point in time and should not be interpreted as indicating a persistent, ongoing, or continuous instruction by a consumer to delete information collected about the consumer in the future. With that said, an amendment to the CCPA deferred the full impact of the Act upon employee data until January 1, 2021.3
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. Cal. Civil Code 1798.105(a).
2. Cal. Civil Code 1798.125(a)(1)(A).
3. See Assembly Bill 25 passed on November 13, 2019.