California Attorney General Announces New CCPA Changes

California Attorney General Announces New CCPA Changes
Print Friendly, PDF & Email

California Attorney General Xavier Becerra first announced changes to the California Consumer Privacy Act (“CCPA”), effective March 15, 2021. In August 2020, the Office of Administrative Law (“OAL”) approved the California Department of Justice’s final CCPA regulations. The March 15, 2021 CCPA changes attempt to strengthen and clarify the language set forth in the finalized CCPA regulations. 

What is included in the new CCPA changes?

The Passing of the CCPA

The CCPA was hastily written into law on June 28, 2018, to prevent a citizen ballot initiative from going into effect that would have prevented the State Legislature from amending or repealing the proposition without voter input. The law went into effect on January 1, 2020, and required that the California State Attorney General adopt regulations on or before the CCPA’s enforcement date of July 1, 2020. Since enactment, CCPA regulations have gone through four modifications and the CCPA itself has been amended by Proposition 24, better known as the California Privacy Rights Act (“CPRA”). The CPRA creates new obligations for businesses regarding the collection, use, sale and sharing of personal information, and will become operative on January 1, 2023. 

CCPA Changes

Some of the most recent CCPA changes include:

  • Section 999.306 now contains representative examples of how businesses that collect personal information while interacting with consumers offline, i.e., in brick-and-mortar stores or over the phone, can provide an offline method that may be used by consumers to opt-out of the sale of their personal information. Additionally, businesses may use the following opt-out button in addition to the “Do Not Sell My Personal Information” link, but not in lieu thereof:
Do Not Sell My Personal Information symbol for CCPA changes

Businesses that choose to use the opt-out button must display the button in approximately the same size as any of the other buttons that may appear on their webpages. 

  • Section 999.315 now instructs that businesses’ “methods for submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” Examples of prohibited methods that may impair consumers’ choice to opt-out are: 1) requiring more steps to opt-out than had been required for consumers to opt-in to the sale of personal information (after having previously opted out); 2) using deceptive or confusing language; 3) trying to convince consumers that they should not submit requests to opt-out before confirming their requests; 4) requiring consumers to provide personal information that is not necessary to implement their requests; and 5) requiring consumers to scroll through documents (including privacy policies) to locate the mechanism for submitting requests to opt-out. 
  • Section 999.326 has been revised to clarify that businesses may require consumers’ authorized agents to provide proof that consumers have given agents signed permission to submit requests to know and/or requests to delete. 

Please note these CCPA changes are only a small fraction of the overall CCPA regulatory regime and do not touch upon the CPRA, which becomes effective in 2023. As a reminder to our readership, businesses that fall under the umbrella of the CCPA should speak with knowledgeable data privacy attorneys about meeting their statutory compliance obligations. 

If you require assistance with CCPA compliance for your business, please email us at info@kleinmoynihan.com, or call us at (212) 246-0900. 

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Photo by Christin Hume on Unsplash

Related Blog Posts:

How Does the CPRA Compare to the GDPR? Ask a CPRA Lawyer

Is a NY CCPA Law Coming Soon?

I Received a CCPA Enforcement Notice! How Do I Respond?

David O. Klein

David O. Klein

David Klein is one of the most recognized attorneys in the telemarketing, technology, Internet marketing, sweepstakes and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Schedule a Call
In The Know

Trending Topics

New York Sweepstakes Law blog- Klein Moynihan Turco

New York Sweepstakes Law: Are You Compliant?

Print Friendly, PDF & Email

In general, a lottery exists when entrants pay for the chance to win a prize. States alone reserve the right to administer lotteries. Businesses can eliminate one element of what would otherwise be an illegal lottery, in order to transform it into a legal promotional game. If the requirement to

TCPA surveys

An Ad or not an Ad: NY Weighs in on TCPA Surveys

Print Friendly, PDF & Email

Another day, another court decision that refines constitutes a Telephone Consumer Protection Act (“TCPA”) unsolicited fax advertisement. A Manhattan-based federal court recently issued a decision that removes faxed invitations to participate in a survey from the TCPA definition of advertisement. In drawing this distinction for TCPA surveys, the Court held

NY sports gambling law- Klein Moynihan Turco

Agreement Reached to Enact NY Sports Gambling Law

Print Friendly, PDF & Email

This week, Governor Andrew Cuomo and the New York State Legislature agreed to a budget deal that will bring mobile sports betting to the State through a unique NY sports gambling law.  Upon the Governor’s signature, NY sports gambling is primed to become the nation’s largest market. However, New York

UK and US Social Media Influencer Laws

UK and US Social Media Influencer Laws

Print Friendly, PDF & Email

In September of 2020, the United Kingdom’s (“UK”) Committee of Advertising Practice (“CAP”) reviewed the Instagram accounts of 122 UK-based social media influencers to determine whether content was being properly flagged as advertising in accordance with applicable social media influencer laws. This past March, the UK Advertising Standards Authority (“ASA”)

Share on facebook
Share on google
Share on twitter
Share on linkedin