California’s Attorney General recently released revised draft regulations for the California Consumer Privacy Act (CCPA). Comments to the revisions are currently accepted through February 25, 2020.
Read the update to see the changes, with key additions and deletions highlighted.
After a long wait, the California Attorney General’s (AG) office held a news conference on October 10, 2019, and published proposed regulations implementing the California Consumer Privacy Act (CCPA). Companies gearing up for CCPA’s January 1, 2020, effective date should quickly review and assess the proposed regulations’ potential effects on their operations and consider attending upcoming public hearings or submitting public comments by December 6, 2019.
The long anticipated amendments to the CCPA were passed by the California Legislature in early September and now await Governor Newsom’s signature. Some of the changes were “clean up” amendments to update cross references, standardize language, and generally address issues of drafting. What follows is a summary of the most significant and substantive amendments:
On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.
The critical role of data mapping in CCPA readiness and compliance
Although the California Consumer Privacy Act (CCPA) does not explicitly require that businesses engage in data mapping or relationship mapping, they probably won’t be able to develop effective CCPA compliance strategies without having both. Businesses that have engaged in data mapping in preparation for GDPR compliance will be able to leverage some of that work.
When people talk about data privacy, or data collection, or tracking technology, or analytics, or click farms, or bots, or data brokers, or geolocation, or mobile apps, or social media, or influencers, in the end what they’re really talking about is digital advertising. Yet while we may feel comfortable using the phrase to broadly describe any online marketing efforts, the purpose of digital advertising is quite different from the goal of a 30 second radio spot, and shares little with its Mad Men-era ancestors beyond the name.
But today, faced with a variety of new laws and regulations designed to protect consumer privacy, lawyers and their clients are obliged to take a much deeper and more nuanced dive into modern methods of digital advertising. And many are surprised at what they find.