During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process. The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules. The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process
CCPA
The CPPA Meets on May 26th, 2022
The California Privacy Protection Agency (“CPPA”) held a board meeting on May 26th, 2022. At the meeting, Executive Director Ashkan Soltani, Acting General Counsel Brian Soublet, and members of the Board offered insight into the following key topics:Continue Reading The CPPA Meets on May 26th, 2022
California Privacy Protection Agency Staff Posts Draft Rules Implementing the CPRA
In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA). The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations. …
Continue Reading California Privacy Protection Agency Staff Posts Draft Rules Implementing the CPRACalifornia Privacy Protection Agency Holds Informational Hearings
The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year. While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program. The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings
Reminders of Annual CCPA Updates
As the year comes to an end, consider whether your business is required to make an annual privacy policy update and share updated consumer metrics under the CCPA.
Continue Reading Reminders of Annual CCPA Updates
CCPA Consumer Request Metrics Reporting Due July 1, 2021
The deadline is quickly approaching for businesses to post their consumer request metrics under the California Consumer Privacy Act (CCPA) Regulations.
Continue Reading CCPA Consumer Request Metrics Reporting Due July 1, 2021
Members of the California Privacy Protection Agency Announced
The five members of the California Privacy Protection Agency (“CPPA”) were announced today. The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
Continue Reading Members of the California Privacy Protection Agency Announced
Court Dismisses CCPA Claim Against Google
Last week, a federal district court in San Francisco dismissed a claim under the California Consumer Privacy Act (“CCPA”). The plaintiff alleged that Google had collected personal information without complying with the CCPA’s notice and consent requirements. The court held that the CCPA’s private right of action does not extend to these provisions of the law. It appears that this is the first time a court expressly reached this conclusion. The case is McCoy v. Alphabet, No. 20‑cv‑05427 (N.D. Cal. Feb. 2, 2021).
For context, the plaintiff alleged that Google used an internal program called “Android Lockbox” on its Android operating system to monitor and collect data from Android users as they used non-Google apps on their phones. The alleged data collection included when and how often these third-party apps were used and the amount of time users spent on the third-party apps. Based on these allegations, the plaintiff asserted eleven different claims. Among these was a claim that Google violated the CCPA by failing to comply with the law’s requirements related to notice and consent.
Continue Reading Court Dismisses CCPA Claim Against Google
The Gift of an Updated Privacy Policy
As the year comes to a close, a reminder that the California Consumer Privacy Act requires companies to update their privacy policies annually. Consequently, as you get ready to spread the holiday cheer, make sure your privacy policy gets some attention as well.
Continue Reading The Gift of an Updated Privacy Policy
Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act
Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect. As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right. It also establishes a new agency to enforce California privacy law. The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.
Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act