California Consumer Privacy Act (CCPA)

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

Earlier this month the California Privacy Protection Agency (CPPA) held its inaugural public meeting.  The CPPA was created under Proposition 24, the California Privacy Rights Act (CPRA), which was approved by California voters on November 3, 2020.
Continue Reading California Privacy Protection Agency Holds First Meeting, Preparing for Upcoming Rulemaking

The five members of the California Privacy Protection Agency (“CPPA”) were announced today.  The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
Continue Reading Members of the California Privacy Protection Agency Announced

Last week, a federal district court in San Francisco dismissed a claim under the California Consumer Privacy Act (“CCPA”).  The plaintiff alleged that Google had collected personal information without complying with the CCPA’s notice and consent requirements.  The court held that the CCPA’s private right of action does not extend to these provisions of the law.  It appears that this is the first time a court expressly reached this conclusion.  The case is McCoy v. Alphabet, No. 20‑cv‑05427 (N.D. Cal. Feb. 2, 2021).

For context, the plaintiff alleged that Google used an internal program called “Android Lockbox” on its Android operating system to monitor and collect data from Android users as they used non-Google apps on their phones.  The alleged data collection included when and how often these third-party apps were used and the amount of time users spent on the third-party apps.  Based on these allegations, the plaintiff asserted eleven different claims.  Among these was a claim that Google violated the CCPA by failing to comply with the law’s requirements related to notice and consent.
Continue Reading Court Dismisses CCPA Claim Against Google

Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.
Continue Reading California Attorney General Releases Fourth Set of Proposed Modifications to California Consumer Privacy Act Regulations

Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect.  As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right.  It also establishes a new agency to enforce California privacy law.  The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.

Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act

On Monday, the California Attorney General (“AG”) proposed a third set of modifications to the recently enacted California Consumer Privacy Act (“CCPA”) regulations.  Interested parties have until October 28 to file comments in response.

These proposed modifications are the latest effort in an extensive rulemaking process that has lasted more than a year.  Most recently, on August 14, the California Office of Administrative Law (“OAL”) formally approved the AG’s initial set of CCPA regulations, which went into effect immediately.  In approving the regulations, the OAL deleted five provisions that had been included in the version the AG submitted in June, but indicated that the AG could revise and resubmit those subsections for approval in the future.  The latest modifications are largely focused on reviving several of these last-minute removals.
Continue Reading California Attorney General Releases New Proposed Modifications to California Consumer Privacy Act Regulations