The regulations enhance consumer protections under the data privacy law.
California Attorney General Xavier Becerra has released additional regulations approved by the Office of Administrative Law (OAL) that advance consumer protections under the California Consumer Privacy Act (CCPA).
These new rules strengthen the language of the CCPA regulations approved by OAL in August 2020, including protecting consumers from unlawful business practices that may be deceptive or misleading, according to a news release from Becerra’s office.
"California is at the cutting edge of online privacy protection, and this newest approval by OAL clears even more hurdles in empowering consumers to exercise their rights under the California Consumer Privacy Act,” Becerra said in the news release. “These protections ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights.”
The CCPA was signed into law on June 28, 2018, and was further amended through several bills on Sept. 23, 2018, and Oct. 11, 2019. The law went into effect on Jan. 1, 2020, ACA International previously reported.
As a refresher, key requirements of the CCPA include:
- Businesses must disclose data collection and sharing practices to consumers;
- Consumers have a right to request that their data be deleted, although there are exceptions that should apply to the collections industry;
- Consumers have a right to request what information is collected; and
- Businesses are required to provide a privacy notice prior to collecting information from a consumer.
The regulations, which originally went into effect in August 2020, establish procedures for compliance and exercise of rights, as well as clarify important transparency and accountability mechanisms for businesses subject to the law.
The newly approved regulations announced March 15 ban so-called “dark patterns” that delay or obscure the process for opting out of the sale of personal information, according to the news release from the attorney general.
Specifically, they prohibit companies from burdening consumers with confusing language or unnecessary steps, such as forcing them to click through multiple screens or listen to reasons why they shouldn’t opt out.
In addition to writing regulations to implement the CCPA, the California Department of Justice enforces the law, according to the news release. Businesses found to be out of compliance with the CCPA receive a “notice to cure” that provides a 30-day window to remedy their noncompliance. Since CCPA enforcement began on July 1, 2020, the department has seen widespread compliance by companies doing business in California, especially in response to notices to cure.
In November 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which sought to amend the CCPA. Some of the attorney general’s responsibilities under the CCPA will transition over to the California Privacy Protection Agency created under the CPRA. However, the attorney general will retain the authority to go to court to enforce the CPRA. Enforcement of the CPRA will begin in 2023, according to the news release.
For more information about the amendments to the CCPA regulations, or to review the documents submitted to OAL, visit the CCPA website.