March 28, 2023

Volume XIII, Number 87


March 27, 2023

Subscribe to Latest Legal News and Analysis

California AG Announces CCPA Compliance Efforts

The Office of the California Attorney General recently announced that it will initiate an investigative sweep and will start sending letters to businesses about their mobile apps for failure to comply with the California Consumer Privacy Act (CCPA). There is also a new online tool that allows consumers to directly notify a business of an alleged CCPA violation, so we may see an influx of direct-from-consumer complaints.

The Attorney General’s office will focus its investigation on popular apps in the retail, travel, and food services industries. The goal is to determine whether these apps are complying with consumer opt-out requests and do not sell or share requests under the CCPA. The investigation will also focus on the apps’ failures to process consumer requests submitted through an authorized agent under the CCPA. For example, Consumer Reports’ app, Permission Slip, acts as an authorized agent for consumers to submit requests under the CCPA such as opt-outs and deletion requests.

Attorney General Rob Bonta said in the office’s recent press release, “[B]usinesses must honor Californians’ right to opt out and delete personal information, including when those requests are made through an authorized agent. [The] sweep also focuses on mobile app compliance with the CCPA, particularly given the wide array of sensitive information that these apps can access from our phones and other mobile devices. I urge the tech industry to innovate for good — including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data.” Businesses that are subject to the CCPA – and the newly effective amendments under the California Privacy Rights Act (CPRA) – should continue to update and implement their policies, procedures, and processes to ensure compliance with the requirements of these regulations and to hopefully avoid being caught up in this investigative sweep.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XIII, Number 33

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...