As covered in this blog post, on June 24, 2020, the Secretary of State of California announced that the California Privacy Rights Act (CPRA), had enough votes to be eligible for the November 2020 general election ballot. CPRA is a ballot initiative, which, if adopted, would amend and augment the California Consumer Privacy
CCPA 2.0 Gets Closer to Reality: CPRA Eligible for November 2020 Ballot; How Does it Compare to CCPA?
On June 24, 2020, the Secretary of State of California announced that the California Privacy Rights Act (CPRA), had enough votes to be eligible for the November 2020 general election ballot. CPRA is a ballot initiative, which, if adopted, would amend and augment the California Consumer Privacy Act (CCPA) to increase and clarify the privacy
CCPA Update: Final Regulations Submitted but No Changes from Prior Draft
On June 2, California Attorney General Xavier Becerra announced that he had submitted final CCPA regulations to the Office of Administrative Law (OAL) for review. The final regulations are substantively identical to the second set of modified proposed regulations, which the AG released in March. In addition, the AG issued a Final Statement of Reasons that (1) explains the changes between the first draft and final regulations, and (2) is accompanied by Appendices that respond to each public comment received throughout the rulemaking process – including written comments submitted in response to each draft of proposed regulations and those provided at the four public hearings held in December 2019.
We have described below some of the key provisions of the final regulations, which will impose additional requirements on businesses, service providers, and third parties and data brokers, and likely require the design and implementation of new processes. Whatever hardship the regulations may cause, it is clear that the AG is prioritizing consumer privacy, explaining that the office “has made every effort to limit the burden of the regulations while implementing the CCPA” and does not believe the regulations are “overly onerous or impractical to implement, or that compliance would be overly burdensome or would stifle businesses or innovation.”
Continue Reading CCPA Update: Final Regulations Submitted but No Changes from Prior Draft
Ad Law Access Podcast – Operationalizing the California Consumer Privacy Act (CCPA)
CCPA compliance is a cross-functional exercise that requires active participation and buy-in from business units across the organization to tackle data mapping, work flows and employee training. On the latest episode of the Ad Law Access Podcast, special counsel Tara Marciano and associates Carmen Hinebaugh and Alexander Schneider discuss the ongoing challenges of operationalizing CCPA
The CCPA Non-Discrimination Right, Explained
The California Consumer Privacy Act (CCPA) provides consumers with a right to non-discrimination when they exercise other privacy rights guaranteed by the law, such as the right to access, delete, or opt out of the sale of their personal information. However, the meaning of “non-discrimination” and the exceptions to this prohibition provided in the CCPA and proposed regulations are among the more confusing aspects of California’s privacy law.
While other privacy laws contain non-discrimination provisions, the CCPA non-discrimination right is notably broader. For example, the CCPA concept of discrimination is not limited to protected or sensitive categories, as is the case with Title VII. Nor is it limited to a specific type of economic activity, as is the case with industry-specific laws such as the Equal Credit Opportunity Act. Instead, CCPA’s non-discrimination right applies to all California consumers exercising any of their other rights under the Act.
This post looks at what the non-discrimination right prohibits (and allows), as well as some of the important questions that the statute and draft regulations leave open. Critical practical issues include being able to (1) distinguish between lawful denials of CCPA rights and impermissible discrimination, and (2) justify the magnitude of financial incentives offered in connection with personal information collection, retention, and sale. With about two months before the CCPA’s July 1 enforcement date, it’s important for businesses to confirm how they are addressing this often overlooked right and square away any final adjustments that may be prudent.
Continue Reading The CCPA Non-Discrimination Right, Explained
Ad Law Access Podcast: CCPA Update – Attorney General Proposes Modified Draft Regulations
CCPA Update: Attorney General Proposes Modified Draft Regulations
On Friday, California Attorney General Xavier Becerra released proposed modifications to the formerly-released draft regulations implementing the California Consumer Privacy Act (CCPA). The modifications reflect the Attorney General’s response to public comments issued in response to the draft regulations and arguably represent a rollback of key provisions previously proposed.
The modifications impose a number of
The U.S. Approach to Privacy: What Is It, and Where Is It Headed?
As we mark Data Privacy Day, today is a good time to take stock of where U.S. privacy legislation stands in relation to the developments of the past few years. In less than two years, the GDPR and the CCPA became the most comprehensive privacy laws in effect, granting individuals extensive rights over their information,
Ad Law Access Podcast: Materiality and Clear and Conspicuous Disclosures
On the latest episode of the Ad Law Access Podcast, associates Carmen Hinebaugh and Lauren Myers make their podcast debut with a discussion on materiality and clear and conspicuous disclosures.
For additional information see our new Advertising and Privacy Law Resource Center (https://www.kelleydrye.com/Advertising-and-Privacy-Law-Resource-Center), an online hub for advertising, privacy, and consumer protection
Europe’s Supreme Court Places Limits on the Right To Be Forgotten
On Tuesday, September 24, 2019, the European Court of Justice issued two rulings that further defined the right to be forgotten under European laws. The right to be forgotten, also known as the right to erasure, is a fundamental tenet of the General Data Protection Regulation (GDPR). The right allows, among other things, consumers to