On February 21st, the California Attorney General (AG) Rob Bonta announced a settlement with DoorDash for violations of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) relating to its participation in a marketing co-operative. This action represents only the second public enforcement action since the CCPA went into effect
CCPA
House Subcommittee Reconsiders the ADPPA after Iowa, Indiana, Montana, and Tennessee Move to Enact Privacy Laws
As we have previously posted, it has been an active year on the state privacy law front. Indeed, the number of states with privacy laws is about to nearly double in a matter of months, with Iowa, Indiana, Montana, and Tennessee have already passed or are about to pass comprehensive…
CPPA Publishes Updated Draft CPRA Regulations
On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing, scheduled to begin on October 21st. In addition to the newest draft regulations, the CPPA published a…
Real World Implications of Sephora
On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public enforcement action—and subsequent noncompliance letters the Attorney General sent to other retailers—clearly highlight the continued focus of regulators on online tracking practices and opt-out signals such…
CPPA Announces Public Hearing on CPRA Regulations
The California Privacy Protection Agency announced today that it began the formal rulemaking process to adopt the proposed regulations implementing the Consumer Privacy Rights Act of 2020 (“CPRA”). As part of this announcement, the Agency released the following link to the Proposed Regulations and supporting documents.
The Agency will hold a public hearing for…
Initial Thoughts About the Proposed CPRA Regulations
In a surprising development, the California Privacy Protection Agency (CPPA) published proposed amendments to the CCPA regulations recently. The proposed amendments were initially made public on May 27 in a package of materials to be considered by the CPPA at its upcoming June 8 meeting. The proposed amendments—which in effect are the draft CPRA regulations—were…
Draft CPRA Regulations Released by CPPA
The California Privacy Protection Agency (“CPPA”) scheduled a Board Meeting for June 8th, in which it will be discussing and possibly taking action with regard to the much anticipated CPRA enforcing regulations. To facilitate this discussion, the CPPA included a draft of the proposed regulations as part of the meeting records. This draft…
CCPA Regulations Go Into Effect – With a Few Final Changes
On August 14, 2020, the California Office of Administrative Law (“OAL”) approved in part and withdrew in part the Regulations regarding the California Consumer Privacy Act (“CCPA”). While most of the changes are non-substantive, the OAL withdrew certain provisions of the Regulations and resubmitted them to the Attorney General’s Office for further review. Approved sections…
California Legislation Would Make CCPA Even Worse for Businesses
New proposed legislation in California, backed by state Attorney General (AG) Xavier Becerra, would amend the new California Consumer Privacy Act (CCPA) to make it easier for private plaintiffs and public officials to sue for violations while further increasing regulatory uncertainty and compliance costs for businesses. Specifically, SB 561 would expand the CCPA’s private right of action, remove the Act’s public enforcement “cure” provision, and eliminate the ability of affected companies to seek compliance guidance from the AG.
The CCPA is a sweeping new privacy law which goes into effect in January 2020. It gives California residents substantial control over personal data held by certain California businesses, requiring disclosure of what personal information the business collects, how that information is used or sold, and allowing consumers to control or delete that information upon request. It currently allows private plaintiffs to seek statutory damages of up to $750 per violation for certain violations, and it allows the AG to seek civil penalties of up to $2,500 for most violations, and up to $7,500 for violations found to be intentional.
Continue Reading California Legislation Would Make CCPA Even Worse for Businesses