CCPA

During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process.  The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules.  The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process

In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA).  The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations.  A copy of the proposed

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

The five members of the California Privacy Protection Agency (“CPPA”) were announced today.  The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
Continue Reading Members of the California Privacy Protection Agency Announced

Last week, a federal district court in San Francisco dismissed a claim under the California Consumer Privacy Act (“CCPA”).  The plaintiff alleged that Google had collected personal information without complying with the CCPA’s notice and consent requirements.  The court held that the CCPA’s private right of action does not extend to these provisions of the law.  It appears that this is the first time a court expressly reached this conclusion.  The case is McCoy v. Alphabet, No. 20‑cv‑05427 (N.D. Cal. Feb. 2, 2021).

For context, the plaintiff alleged that Google used an internal program called “Android Lockbox” on its Android operating system to monitor and collect data from Android users as they used non-Google apps on their phones.  The alleged data collection included when and how often these third-party apps were used and the amount of time users spent on the third-party apps.  Based on these allegations, the plaintiff asserted eleven different claims.  Among these was a claim that Google violated the CCPA by failing to comply with the law’s requirements related to notice and consent.
Continue Reading Court Dismisses CCPA Claim Against Google

Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect.  As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing of personal information for cross-context behavioral advertising and the use of “sensitive” personal information, as well as creating a new correction right.  It also establishes a new agency to enforce California privacy law.  The key provisions of the bill will not go into effect until January 1, 2023, providing much-needed time to clarify the details and for businesses to adjust their CCPA compliance approaches to account for the additional requirements.
Continue Reading Californians Approve Ballot Initiative Modifying the California Consumer Privacy Act