A Third Set of Modifications to the CCPA Regulations
This week, the California Department of Justice again announced a third set of proposed modifications made to the CCPA regulations summarized below.
- Examples were given of how businesses collecting personal information from consumers offline can provide the notice of right to opt-out of the sale of personal information through an offline method.
- Guidance was provided on how submitting requests to opt-out should be easy and require minimal steps.
- Methods must be designed to avoid subverting or impairing a consumer’s choice to opt-out.
- A request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.
- Do not use confusing language, such as double negatives (e.g., “Don’t Not Sell My Personal Information”), when providing consumers, the choice to opt-out.
- Don’t require consumers to click through or listen to reasons why they should not submit a request to opt-out before confirming their request.
Don’t require the consumer to provide personal information that is not necessary to implement the request.
- Clarification that a business may require an authorized agent to provide proof the consumer gave permission or may require a consumer to verify their request.
- Clarification that businesses that have actual knowledge that they sell the personal information of minors are required to include in their privacy policies a description of their method for verifying that the person authorizing the sale of a child’s data is actually that child’s parent or guardian.
In the meantime, the WireWheel Privacy Management Platform and DSAR Automation tools are here to help!
Suggested Blog Posts
Crafting Better Privacy Laws, Based on the California Model: A Conversation with Alastair Mactaggart
Spokes 2021: Day Two Keynote Session with Alastair MactaggartOn the second day of the WireWheel Spokes 2021...
Written by Rick Buck, Chief Privacy Officer, WireWheelCCPA, CDPA, GDPR Similarities and Differences Many new state...
WireWheel CEO Justin Antonipillai has talked with many data privacy industry leaders, analysts, and advocates who have...
Written by Rick Buck, Chief Privacy Officer, WireWheelRemember Do Not Track (DNT), the web browser setting that...
On December 9, just one week after WireWheel’s SPOKES Privacy Technology Conference, where the concept of a U.S....