California Consumer Privacy Act (CCPA)

Subscribe to California Consumer Privacy Act (CCPA)

CCPA

On August 14, 2020, California Attorney General Xavier Becerra announced the California Office of Administrative Law’s approval of the final California Consumer Privacy Act (CCPA) regulations, and filed them with the California Secretary of State. The AG’s office stated that the regulations are effective immediately.

The OAL made additional revisions to the March 11, 2020 regulations, summarized here, which itself comprised of revised regulations followed several rounds of public forums, hearings, and comment periods. At a high level, the final texts’ noteworthy substantive revisions from the March submission (noted in the OAG’s Addendum to the Final Statement of Reasons) include the following:
Continue Reading CCPA Regulations Approved

CCPAOn November 3, 2020, Californians will vote on whether to approve a ballot initiative to enact a new California Privacy Rights Act (CPRA). If, as current polling suggests, California voters pass the CPRA into law in November, it will significantly revise the California Consumer Privacy Act (CCPA) of 2018, which entered into force only in January of this year.

The CPRA expands the provisions of the CCPA, removes the ability of businesses to remedy some violations before they are penalized, and creates a new agency – the California Privacy Protection Agency – to implement and enforce it. The CPRA’s substantive provisions would take effect on January 1, 2023, but its new obligations would apply to personal information collected after January 1, 2022.
Continue Reading New California Privacy Initiative Certified for November Ballot

CCPAOn June 1, 2020, the Office of the California Attorney General submitted its final proposed CCPA regulations to the California Office of Administrative Law (OAL) to review for compliance with the California Administrative Procedures Act.  The text of the final proposed regulations is the same as the second set of modifications, released on March 11 and summarized here.  Accompanying the proposed regulations is a Statement of Reasons setting out modifications from the initial proposed text of the regulations published on October 11, 2019.  If the regulations are approved by OAL, the final text will be filed with the California Secretary of State and will become enforceable. The core provisions of the CCPA became operational on January 1, 2020, and the AG may bring enforcement actions under the CCPA as of July 1, 2020, although it could not premise enforcement actions on its regulations until they are final.

Continue Reading California AG Submits Final Proposed CCPA Regulations to the Office of Administrative Law in Final Step to Effectiveness of the Regulations

CABusinesses within the scope of California’s groundbreaking privacy law, the California Consumer Privacy Act (CCPA), which went into effect January 1, 2020, may need to revise privacy policies and change their compliance programs once again if a new ballot initiative passes this November. Californians for Consumer Privacy, the group that sponsored the CCPA, announced last week that it is submitting over 900,000 signatures in favor of the California Privacy Rights Act (CPRA) to qualify the initiative for the November 2020 ballot.
Continue Reading 2020 Ballot Initiative to Expand California Privacy Law Receives 900,000 Signatures

CCPAThe California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Despite requests made by multiple trade associations for delay in the enforcement of CCPA due to COVID-19, the California Attorney General’s office has declined to delay enforcement, which is set to begin July 1, despite the AG’s failure to release final regulations.

The AG’s office first released proposed regulations in October 2019, our summary of the draft regulations can be found here. After the new year, the AG released two sets of modifications to the draft regulations on February 10 and March 11. At a privacy and data security conference last week, a staff member from the California state legislature commented that, due to the pressures and working circumstances created by COVID-19, the most recent version of the regulations, published March 11, are likely to be the version used for enforcement beginning in July. Significantly, the office rejected suggestions that the regulations be delayed because corporations are experiencing these same COVID-19 pressures.
Continue Reading CCPA Regulations Are Likely Final

CCPARecent class action complaints against Zoom Video Communications, Inc. (“Zoom”) are interesting examples of the new risks posed by the California Consumer Privacy Act (“CCPA”) which took effect on January 1. While formal enforcement by the California Attorney General will not begin until July 1, the CCPA’s private right of action allows individuals to bring suits before July. Although the text of the CCPA’s private right of action would lead a reader to believe that the private right of action is limited to suits alleging a breach of personal information, apparently some plaintiffs are not shying away from attempting to use the CCPA to support other litigation.  How the California courts handle such lawsuits will be instructive to businesses who collect personal information from California residents.
Continue Reading Zoom Faces Class Action Complaints Alleging CCPA Violations

Communication network of United States of America.

The California Consumer Privacy Act (CCPA) inspired legislators in several other states to attempt to pass similar legislation aimed at protecting the privacy rights of consumers. As the legislative calendars for most of those states have wound to a close before the recent election, this Alert reviews those bills as a preview to what we should expect in the next legislative session, particularly as several states will be returning a more progressive assembly.

Continue Reading New State Bills Inspired by the California Consumer Privacy Act May Re-appear Next Year

On October 11, 2019, Governor Gavin Newsom signed into law five bills that directly amend the California Consumer Privacy Act (the “CCPA”) – AB 25, AB 874, AB 1146, AB 1355 and AB 1564. In addition, Governor Newsom signed two other bills related to data privacy, AB 1202 and AB 1130. The Governor’s signature came the day after California Attorney General Xavier Becerra released proposed regulations governing compliance with the CCPA. Ropes & Gray’s recent Alert describing the proposed regulations is available here.

Continue Reading California Governor Signs CCPA Amendments and Other Data Privacy-Related Bills into Law

3_CA AG releases regs_SS_1594280731

On October 10, 2019, the California Attorney General Xavier Becerra released proposed regulations governing compliance with the California Consumer Privacy Act (the “CCPA”). The proposed regulations offer guidance regarding compliance obligations with respect to five main areas: notices to consumers; business practices for handling consumer requests; verification of requests; and special rules regarding minors and non-discrimination. The proposed regulations are open to a public notice and comment period until December 6, 2019, prior to possible modification and ultimate adoption of finalized rules.

Continue Reading California Attorney General Releases Proposed CCPA Regulations