A Third Set of Modifications to the CCPA Regulations
This week, the California Department of Justice again announced a third set of proposed modifications made to the CCPA regulations summarized below.
- Examples were given of how businesses collecting personal information from consumers offline can provide the notice of right to opt-out of the sale of personal information through an offline method.
- Guidance was provided on how submitting requests to opt-out should be easy and require minimal steps.
- Methods must be designed to avoid subverting or impairing a consumer’s choice to opt-out.
- A request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.
- Do not use confusing language, such as double negatives (e.g., “Don’t Not Sell My Personal Information”), when providing consumers, the choice to opt-out.
- Don’t require consumers to click through or listen to reasons why they should not submit a request to opt-out before confirming their request.
Don’t require the consumer to provide personal information that is not necessary to implement the request.
- Clarification that a business may require an authorized agent to provide proof the consumer gave permission or may require a consumer to verify their request.
- Clarification that businesses that have actual knowledge that they sell the personal information of minors are required to include in their privacy policies a description of their method for verifying that the person authorizing the sale of a child’s data is actually that child’s parent or guardian.
In the meantime, the WireWheel Privacy Management Platform and DSAR Automation tools are here to help!
Suggested Blog Posts
Introduction The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020 and enforcement...
Congressional testimony from a former Facebook employee has sparked outrage over the governance of the company’s...
Introduction ‘Personal Data’ has different legal definitions in the GDPR, CCPA in California, CDPA in Virginia, LGPD...
Last Updated: November 5, 2021What is a DSAR? Data Subject Access Requests (DSARs) give individuals (also known as...
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction to California’s Data Privacy Laws The California...