California Consumer Privacy Act (CCPA)

Last week, five advertising and marketing trade associations jointly filed comments with the California Attorney General seeking clarification on provisions within the California Consumer Privacy Act (CCPA).

While expressing “strong support” for the CCPA’s intent, and noting the online ad industry’s longstanding consumer privacy efforts like the DAA’s YourAdChoices Program, the group proposed the following three clarifications relating to CCPA provisions that, unless modified, the group believes could reduce consumer choice and privacy:

  • Notice relating to a sale of consumer data: A company’s written assurance of CCPA compliance should satisfy the requirement to provide a consumer with “explicit notice” (under 1798.115(d)) when a company sells a consumer’s personal data that the company did not receive directly from such consumer;
  • Partial opt-out from the sale of consumer data: When responding to a consumer’s request to opt out of the sale of personal data, companies can present consumers with choices on the types of “sales” from which to opt-out, the types of data to be deleted, or whether to opt out completely, rather than simply offering an all or nothing opt-out.
  • No individualized privacy policies: Businesses should not be required to create individualized privacy policies for each consumer to satisfy the requirement that a privacy policy disclose to consumers the specific pieces of personal data the business has collected about them.

The associations signing on to the comments include the Association of National Advertisers, American Advertising Federation, Interactive Advertising Bureau, American Association of Advertising Agencies, and the Network Advertising Initiative. The comments represent an “initial” submission intended to raise the proposals above and, more broadly, highlight to the California AG the importance of the online-ad supported ecosystem and its impact on the economy.  The associations plan to submit more detailed comments in the coming weeks.

The comments coincide with a series of public forums that the California AG is hosting to provide interested parties with an initial opportunity to comment on CCPA requirements and the corresponding regulations that the Attorney General must adopt on or before July 1, 2020.

 

As we noted previously, the California Attorney General is holding a series of public forums on the California Consumer Privacy Act (CCPA) to provide the public with an initial opportunity to comment on CCPA requirements and the corresponding regulations that the Attorney General must adopt on or before July 1, 2020.  On Friday, January 25, 2019, the Attorney General’s Office held its fourth of six hearings before a full auditorium in Los Angeles.  This blog post summarizes the main themes discussed at the hearing.

Timing/Scope:  For businesses hoping for CCPA clarity and guidance soon, that seems unlikely. California Deputy Attorney General Lisa Kim initiated the hearing, emphasizing that the Attorney General’s Office was in the beginning of its rulemaking process and noting that she anticipated the formal review process not to start until Fall 2019.  For now, the Attorney General’s Office encouraged interested parties to submit comments by the end of February, focusing on subjects within the scope of the Attorney General’s rulemaking responsibilities, as set forth in the CCPA, including:

  • Categories of Personal Information
  • Definition of Unique Identifiers
  • CCPA Exemptions
  • Submitting and Complying with Consumer Requests
  • Uniform Opt-Out Logo/Button
  • Notices and Information to Consumers, including Financial Incentive Offerings
  • Certification of Consumers’ Requests

During the hearing, the Attorney General’s Office displayed this PowerPoint deck, summarizing the CCPA regulatory process.

Main Themes

Continue Reading California Privacy Update: What We Heard at Friday’s CCPA Hearing

California Attorney General Xavier Becerra announced yesterday that the California Department of Justice will hold a series of six public forums on the California Consumer Privacy Act (CCPA).  The hearings will take place during January and February of this year and will give the public an initial opportunity to comment on the requirements set forth by the CCPA and the regulations the Attorney General must adopt on or before July 1, 2020.

The CCPA was passed in June of this year, and gives California residents specific privacy rights related to their online activities. Starting January 1, 2020, businesses will be required to comply with a number of provisions including requirements to disclose data collection and sharing practices to consumers, grant consumers a right to request deletion of their data, grant consumers a right to opt out of the sale of their personal information, and a prohibition on selling personal information of consumers under the age of 16 without explicit consent.

The CCPA requires the Attorney General to “solicit broad public participation” and adopt regulations regarding issues such as the definition of personal information, considering changes in technology and data collection practices, procedures for how a consumer can submit a request to opt out of the sale of his or her personal information, and procedures for businesses to determine whether a consumer’s request for information is verifiable.

The Attorney General’s announcement is particularly important because CCPA enforcement will not begin until six months after the promulgation of these regulations, or July 1, 2020, whichever is sooner.  These public forums indicate that Attorney General Becerra’s office is taking steps to adopt these rules, meaning CCPA enforcement may come sooner rather than later.

These hearings will serve as the first public forum in which businesses and members of the public can voice their thoughts or concerns about the required regulations. Members of the public who would like to speak at the forums can, but are not required to, register online. Comments may also be submitted via mail or email. A full schedule of the forums can be found here.

Kelley Drye is happy to assist if your business is considering whether to submit comments concerning the CCPA regulations or enforcement.  These forums present a critical opportunity for any stakeholder interested in California privacy law and enforcement to have their voices heard.  For more information on the CCPA and how it may affect your business, please visit our past blog posts here and here.