A Third Set of Modifications to the CCPA Regulations

This week, the California Department of Justice again announced a third set of proposed modifications made to the CCPA regulations summarized below.
- Examples were given of how businesses collecting personal information from consumers offline can provide the notice of right to opt-out of the sale of personal information through an offline method.
- Guidance was provided on how submitting requests to opt-out should be easy and require minimal steps.
- Methods must be designed to avoid subverting or impairing a consumer’s choice to opt-out.
- A request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.
- Do not use confusing language, such as double negatives (e.g., “Don’t Not Sell My Personal Information”), when providing consumers, the choice to opt-out.
- Don’t require consumers to click through or listen to reasons why they should not submit a request to opt-out before confirming their request.
Don’t require the consumer to provide personal information that is not necessary to implement the request. - The “Do Not Sell My Personal Information” link should not require the consumer to search or scroll through the text of a privacy policy or similar document or webpage to locate the mechanism for submitting a request to opt-out.
- Clarification that a business may require an authorized agent to provide proof the consumer gave permission or may require a consumer to verify their request.
- Clarification that businesses that have actual knowledge that they sell the personal information of minors are required to include in their privacy policies a description of their method for verifying that the person authorizing the sale of a child’s data is actually that child’s parent or guardian.
In the meantime, the WireWheel Privacy Management Platform and DSAR Automation tools are here to help!
Suggested Blog Posts
WireWheel Supports Global Privacy Control (GPC)
Written by Rick Buck, Chief Privacy Officer, WireWheel Remember Do Not Track (DNT), the web browser setting that...
Federal Privacy Law in 2021?
On December 9, just one week after WireWheel’s SPOKES Privacy Technology Conference, where the concept of a U.S....
Another Round of Proposed CCPA Modifications
On December 10, 2020, the California Attorney General proposed new modifications to the CCPA. The proposed...
Privacy Shield: Two Key Players Discuss “What Now and Next?”
In the plenary session of WireWheel’s SPOKES Privacy Conference two central figures in crafting transatlantic data...
Canada Introduces New Federal Privacy Bill
On November 17, the Canadian government drafted new privacy legislation that would make significant changes to their...