California Attorney General’s New Privacy Enforcement Targets are Apps and Opt-Outs
On the eve of Data Privacy Day, the California Attorney General announced a new investigative focus for compliance with the California Consumer Privacy Act (CCPA) on mobile applications, specifically popular apps in the retail, travel, and food service industries. The Attorney General sent letters to businesses with mobile applications that have allegedly failed to comply with consumer opt-out requests, do not offer any mechanism for consumers who want to stop the sale of their data, or failed to process consumer requests submitted via an authorized agent, including via third-party applications such as Permission Slip.
The Attorney General stated this new focus on mobile application compliance comes due to the wide array of sensitive information applications can access on an individual’s mobile device.
Under the CCPA, businesses that receive notices have 30 days to fix the alleged violations before an enforcement action may be initiated by the state.
This announcement of further potential enforcement actions comes only four months after the state’s first enforcement action and settlement under the CCPA, which resulted in a settlement of $1.2 million in penalties, as well as injunctive relief.
Businesses with mobile applications should review compliance requirements and whether their mobile applications are following these and other CCPA requirements, including the changes made by the California Privacy Rights Act (CPRA).