CA Attorney General Releases New CCPA Law Modifications

CA Attorney General Releases New CCPA Law Modifications
Print Friendly, PDF & Email

Recently, the California Consumer Privacy Act (“CCPA”) regulations were modified by the California Attorney General. The latest CCPA law modifications were released on February 7, 2020, in an attempt to address issues that were raised during the public hearing and comment period that followed the release of the proposed regulations on October 11, 2019.

The California Attorney General has announced a deadline of February 24, 2020, at 5:00 p.m. (PST) to submit written comments, in yet another attempt to clarify CCPA law.  

How have the proposed regulations changed?

Key CCPA Law Modifications

The California Attorney General has provided a redlined version of the CCPA regulations. Some of the proposed modifications that merit highlighting include:

  • The definition of “categories of third parties” with whom businesses share personal information has been revised to require businesses to describe third parties with enough particularity so that consumers can understand what type of businesses those third parties are. Examples of categories of third parties include advertising networks, Internet Service Providers, data analytic providers, governmental entities, operating systems and platforms, social networks, and data brokers.  
  • The “personal information” definition has also been updated to explain that information will be deemed “personal information” only if it “is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” For example, an IP address will not be deemed “personal information” if that IP address is not reasonably linked to any particular consumer or household. 
  • The CCPA requires businesses to provide consumers with notice of the personal information that is collected from them at or before the point of collection. The modifications will allow businesses that collect personal information over the telephone or in-person to now orally provide the notice of collection over the telephone or in person.
  • According to the modified regulations, data brokers that are registered with the California Attorney General will not have to provide consumers with notices of collection if they have included in their applications for data broker registration links to their online privacy policies that include instructions on how consumers can opt-out from the sale of their personal information.
  • The new regulations clarify that businesses that do not sell personal information, and that explain this in their respective privacy policies, will not need to provide consumer opt-out notices.
  • In addition to posting the opt-out notice, but not in lieu of this notice, the revised regulations now allow businesses to use the following buttons:
  • The proposed regulations explain that businesses will no longer be required to use a two-step process for online requests to delete.
  • Businesses that cannot verify the identity of a consumer who is exercising her/his request to delete may, under the revised regulations, notify the consumer that she/he cannot be verified (and, as such, the request to delete will be denied) and ask the consumer if she/he would like to opt-out of the sale of her/his personal information. 
  • Pursuant to the express language of the CCPA, businesses must comply with requests to opt-out no later than fifteen (15) business days from the date that businesses receive the subject requests. The proposed regulatory modifications now provide that if a business sells a consumer’s personal information after the request to opt-out has been received, but before that business has complied with the request, it must notify third parties that have received consumer personal information from the company in this interim period that the consumer has elected to opt-out and that these third parties may no longer sell that consumer’s personal information. 
  • Previously, businesses that, alone or in combination, bought, sold, shared or received for commercial purposes, the personal information of four million or more consumers in a calendar year, had to provide metrics regarding the processing of requests to know, delete and opt-out, and the median or mean number of days within which they responded to those requests in their respective privacy policies. The consumer threshold has been changed in the modified regulations from four million to ten million consumers. 

Compliance with CCPA Law Modifications

The CCPA went into effect on January 1, 2020.  The California Attorney General is scheduled to begin CCPA enforcement on July 1, 2020. Until then, businesses should be working diligently to ensure that their privacy policies are up to date and that all required CCPA notices are compliant with evolving CCPA law regulations. If you are interested in learning more about this topic or require assistance in connection with consumer data privacy compliance for your business, please email us at, or call us at (212) 246-0900.

The material contained herein is provided from informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney. 

Attorney Advertising

Related Blog Posts:

CCPA Law: The Private Right of Action

Privacy Policies and the California Consumer Privacy Act (CCPA)

Comparing the Washington Privacy Act (WPA) to the California Consumer Privacy Act (CCPA)

David O. Klein

David O. Klein

David Klein is one of the most recognized attorneys in the telemarketing, technology, Internet marketing, sweepstakes and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Schedule a Call
In The Know

Trending Topics

Creating a Viral and Legally Compliant "Pin to Win" Contest- Klein Moynihan Turco

Creating a Viral (And Legally Compliant) “Pin to Win” Contest

Print Friendly, PDF & Email

We have frequently written about the marketing benefits associated with the use of promotional contests and sweepstakes.  Promotional contests and sweepstakes often appear on social media platforms, which provide companies with a free and effective means to increase the number of consumers participating in their respective contests. While companies must

Facebook Decision defines a TCPA Autodialer- Klein Moynihan Turco LLP

Facebook Aftermath: Courts Clarify Definition of TCPA Autodialer

Print Friendly, PDF & Email

On April 1st, the U.S. Supreme Court released its opinion in Facebook, Inc. v. Duguid, marking a newly clarified definition of “autodialer” within the meaning of the Telephone Consumer Protection Act (“TCPA”). In the two weeks that followed, two federal courts have directly addressed the definition of TCPA autodialer as

Critical Role that TCPA Plays in Outbound Telemarketing- KMT

The Critical Role that the TCPA Plays in Outbound Telemarketing

Print Friendly, PDF & Email

If you’re running any sort of outbound telemarketing campaign – phone calls, voicemail drops, or text messaging – you need to understand the Telephone Consumer Protection Act (TCPA) and its enabling regulations. Call center operators are not the only businesses that employ outbound telemarketing to reach out to consumers. Using

How to Use Promotional Marketing the Legal Way: Klein Moynihan Turco LLP

How To Use Promotional Marketing The Legal Way

Print Friendly, PDF & Email

The use of promotional contests, games and sweepstakes marketing can be a dynamic and cost-effective way to increase sales, build a database of interested consumers and otherwise increase brand awareness and buzz. Consumers are more easily attracted to your marketing message by the opportunity to win prizes than with more

Share on facebook
Share on google
Share on twitter
Share on linkedin