The California attorney general released a fourth set of proposed modifications to the California Consumer Privacy Act regulations; notable regulatory changes include a new opt-out button for websites and an offline notice of the right to opt out.
The California attorney general issued a fourth set of proposed modifications to the regulations implementing the California Consumer Privacy Act (CCPA) on December 10, 2020. The attorney general’s office issued this latest proposed modifications in response to comments received in response to the third set of draft modifications released on October 12, 2020. Because the third set of proposed modifications was never finalized by the California Office of Administrative Law (OAL), the California attorney general issued the fourth set of proposed modifications to address stakeholder comments and better conform the proposed regulations to the CCPA. The proposed modifications additionally update the publicly available “rulemaking package” with research papers and other materials relied upon by the California attorney general in drafting the proposed regulations.
The fourth set of proposed CCPA regulations, if approved by the OAL, build on the third draft set of modifications to require the following:
The proposed modifications would also add provisions in a new Section 999.315(h) requiring that opt-out procedures be easy to use and providing five examples of methods or practices that should be avoided (such as use of confusing language, requiring multiple steps or requiring submission of additional personal information). Lastly, the proposed modifications revise the “Authorized Agent” provisions in Section 999.326(a), allowing a business to require that the authorized agent and the consumer provide proof that such agent is acting on the consumer’s behalf. These two proposals had been included in the third set of proposed modifications, but were not included in the final regulations approved by the OAL.
The California attorney general is accepting public comments on the proposed regulations through December 28, 2020. With the CCPA and its regulations continuing to change, including the recent passage of the California Privacy Rights Act of 2020, businesses should continue to stay abreast of legislative and regulatory developments to verify CCPA and, ultimately, CPRA compliance obligations in California’s ever-changing privacy landscape.
Morgan Lewis has set up a CCPA resource center designed to guide companies and institutions of all sizes through the challenges of this new regulatory environment.
The Morgan Lewis privacy team is providing practical privacy advice to more than 200 businesses on compliance with the CCPA and proposed regulations. If you have any questions or would like more information, please contact any of the following Morgan Lewis lawyers: