Another Round of Proposed CCPA Modifications
On December 10, 2020, the California Attorney General proposed new modifications to the CCPA. The proposed modifications are in response to comments received about the October 12, 2020 proposed modifications to the “final” CCPA regulations, issued August 14, 2020. This along with the newly passed CPRA continue to make compliance in California a moving target.
Below is a brief overview of this week’s proposed rules. A comparison of the two most recent modifications of the final regulations is available here. The California’s Office of the Attorney General is accepting written comments to the proposed changes until Dec. 28.
- Offline Notice: The offline notice requirement was modified from the previous rulemaking. The proposed modification has been narrowed to apply only to businesses that sell personal information collected from consumers offline. Previously, it applied to all businesses that collect personal information offline.
- The modifications provide clearer examples of acceptable offline notification methods. Specifically, the modification addresses the collection of personal information over the phone which may require reading the Do Not Sell My Personal Information notice in advance of collection.
- Opt-Out Icon: The opt-out icon (button) has been reintroduced into CCPA. The purpose of the button is to promote consumer awareness of the opportunity to opt out of the sale of personal information. Businesses may place the icon to the left of their Do Not Sell My Personal information link on their homepage. The icon is optional and does not affect any other obligations under the CCPA. This was previously included in October 2019 but was left out of the final regulations. Of note, the California Privacy Rights Act (CPRA) also includes the opt-out button as an option.
- The button may be used in addition to, but not in instead of a Do Not Sell My Personal Information link and must lead to the same webpage or online location to which the link leads. Specific requirements about the size and placement of the button have also been detailed in the modifications.
The previously proposed rulemaking were unchanged:
- Business’ methods for submitting opt-out requests must be easy to fulfill and be limited to minimal steps.
- Defining and narrowing allowable steps to authenticate authorized agent facilitating data subject requests.
We will continue to monitor the progress of the proposed modifications to the CCPA and update you as information becomes available.
Suggested Blog Posts
Introduction The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020 and enforcement...
Congressional testimony from a former Facebook employee has sparked outrage over the governance of the company’s...
Introduction ‘Personal Data’ has different legal definitions in the GDPR, CCPA in California, CDPA in Virginia, LGPD...
Last Updated: November 5, 2021What is a DSAR? Data Subject Access Requests (DSARs) give individuals (also known as...
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction to California’s Data Privacy Laws The California...