July 27, 2021

Volume XI, Number 208

Advertisement

July 27, 2021

Subscribe to Latest Legal News and Analysis

July 26, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Holiday Gift from California AG: FOURTH Set of Proposed “Modifications” to CCPA Regs Already in Effect

As businesses continue to work on compliance with the California Consumer Privacy Act (CCPA) and the multiple versions of regulations issued by the Attorney General’s Office, Attorney General Becerra has issued yet another set of proposed modifications to the regulations implementing the CCPA.  This fourth set of proposed modifications comes on the heels (and builds on) the third draft set of modifications issued in October.   That October revision had not been finalized after comments had been received.  

This new set of modifications deal with more revisions to the regulations relating to the notice of the right to opt-out of a business’ “sale” of their personal information, and specifically reinstating the requirement for a “button” on a website calling attention to the link to “Do Not Sell My Personal Information.”    In new Section 999.306(f), the proposed regulations have once again published an icon to be used as the “opt-out button” to be used “in addition to posting the notice of right to opt-out, but not in lieu of any requirement to post the notice of right to opt-out or a “Do Not Sell My Personal Information” link” as required in the CCPA and the regulations. (Proposed Regulations Section 999.306(f)(1))

Opt In/Out Button

But wait – there’s more. If you are a business that provides California residents with the “Do Not Sell” link on your website, you have a new button as well:

Do Not Sell My Personal Information Opt In/Out Button

The proposed regulations require that where a business posts the DNS link, “the opt-out button shall be added to the left of the text … The opt-out button shall link to the same Internet webpage or online location to which the consumer is directed after clicking on the “Do Not Sell My Personal Information” link.” (Proposed Regulations Section 999.306(f)(2))

According to the AG’s website, the fourth set of modified draft regulations are subject to another public comment period. The deadline to submit written comments is December 28, 2020 at 5:00 p.m. (PST).

Happy holidays!

©1994-2021 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume X, Number 346
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Advertisement
Advertisement