The comment period has closed on the third round of proposed changes to the California Consumer Protection Act ("CCPA"), which were announced October 12, 2020, by the California Office of the Attorney General. There are a number of disputes regarding how the proposed revisions will impact a California consumer, but a number of the proposed revisions appear to address the manner in which a consumer may engage in the opt-out collection process.
The Office of the AG will evaluate the comments and send the proposed regulations for approval by the state’s Office of Administrative Law. The changes, scheduled to take effect on January 1, 2021, will apply to all businesses that satisfy the threshold CCPA requirements. The threshold question is whether the business conducts operations in the State of California and:
- has a gross annual revenue of over $25 million worldwide;
- buys, receives or sells personal information of more than 50,000 California residents, households, or devices; or
- derives 50% or more of its annual revenue from selling California consumer personal information.
“The current CCPA language allows for a business to create or implement its own opt-out process or language", said Rachel C. Edwards, Esq., an attorney with Jacko Law Group. “There are a number of very confusing terms that a consumer may not reasonably understand. From our review, the proposed changes now require businesses to use ‘non-confusing’ language.”
The New California Privacy Rights Act to Bring More Change
The underlying confusion that has surrounded the state’s new data privacy laws, however, may linger for some time. As of the drafting of this blog, California voters have approved Proposition 24 – the California Privacy Rights Act (“CPRA”), which is thought to provide California consumers with certain privacy rights and that creates the California Privacy Protection Agency (“CPPA”) that may enforce and implement California privacy laws.
“Since the CCPA is still being revised and updated by the California Legislature, it is unlikely that the CPRA will dispense of the CCPA,” Edwards said. “Rather, approval of the CPRA may result in the underlying concepts being incorporated into the next round of CCPA revisions. As changes continue to occur, and because these two concepts are very similar, it’s important that businesses clearly understand the distinctions between the CCPA and CPRA.”
Edwards cites two possible areas the CPRA may have an impact on the current version of the CCPA once the CPRA becomes law on January 1, 2023. One area of discussion is that the CPRA could restrict who is required to comply with the consumer protections detailed in the CPRA. Specifically, it is thought that the CPRA may limit the definition of what is considered a “business” and may exclude a number of smaller businesses that are now covered by the CCPA. The second area of discussion with the CPRA is a new right for consumers to make corrections to the collected material.
“The CPRA may grant consumers a right to request that a business correct inaccurate personal information maintained by the business about the consumer, taking into account the nature of the personal information and the purposes of collecting the personal information,” Edwards said.
Mitigate the Risk of Data Privacy
If you’re concerned whether your business is prepared for the next wave of changes coming to California’s data and consumer privacy laws, you’re not alone. Let the experienced team at Jacko Law Group assess your readiness and address the need for any updates to your data and consumer privacy protection policies. Contact us at 619.298.2880 or firstname.lastname@example.org to schedule a strategy session that can help your business remain compliant with California’s evolving data and consumer protection laws.
- Managing Partner and CEO
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers corporate and securities legal services to broker-dealers, investment advisers, investment companies, hedge/private funds and ...
Add a comment
- A Forgettable Year for Small Business Ends with Memorable Changes to SEC Regs for Exempt Offerings
- Third Set of Modifications to CCPA Prompts California Businesses to Revisit Policy on Consumer Data Privacy
- Area of Focus for Your Annual Review: Custody
- Area of Focus for Your Annual Review: Code of Ethics
- SEC Proposes a Big Exemption to Assist Small Businesses in Raising Much-Needed Capital
- Strategic Guidance with JLG's General Corporate Counsel Service
- Recent Insider Trading Case at Amazon Offers Useful Reminders for Compliance Departments
- Navigating a Successful Merger or Acquisition
- Remaining Vigilant Against Investment Fraud During the COVID-19 Pandemic
- Starting a New Business? Don’t Overlook These Three Essential Considerations
- Securities and Exchange Commission (SEC)
- Investment Advisers
- California Consumer Privacy Act (CCPA)
- Due Diligence
- Transition Services
- Aging Clients
- Policies and Procedures
- Advisers Act
- Virtual Currency
- Dodd-Frank Act
- Broker Protocol
- Office of Compliance Inspections and Examinations (OCIE)
- Ponzi Scheme
- Securities Law
- Form U5
- Private Equity
- Private Funds
- Hedge Funds
- Regulatory Examinations
- Regulation Best Interest
- Personally Identifiable Information (PII)
- Government Shutdown
- Risk Alert
- Social Media Marketing
- Exchange-Traded Funds (ETFs)
- Investment Company Act
- Rule 6c
- Wells Fargo