Finalization of CCPA Regulations
On August 17, 2020, California Attorney General Xavier Becerra announced the finalization of the CCPA regulations, bringing an almost year-long process of refinement to an end. Here’s what was in the last round of clarifications to the law.
Part of an extensively annotated music sheet of Mozart’s Fantasia in D minor.
Update From The CA-AG
On August 17, 2020, California Attorney General Xavier Becerra announced the finalization of the CCPA regulations, bringing an almost year-long process of refinement to an end. We’ve covered some of the previous rounds of updates to the CCPA elsewhere, but given that this marks the end of long rounds of CCPA wordsmithing, we thought the August 17 clarifications deserved a standalone post.
CCPA Clarifications
The key areas that were refined or clarified in this latest and final round were:
- The “Do Not Sell” requirement was amended such that “Do Not Sell My Info” is not listed as acceptable language for the homepage link requirement. This means only “Do Not Sell My Personal Information” is the only explicitly mentioned acceptable language to use when allowing consumers to exercise this right. If your business has implemented a “Do Not Sell My Info” link on your homepage, it must be modified to “Do Not Sell My Personal Information”.
- Next, the California AG deleted the provision that allowed businesses to deny requests from authorized agents who can’t show proof that they’re authorized to act on consumers’ behalf. However, there are other CCPA provisions that allow businesses some ability to verify authority, including permission to verify with the consumer that the authorized agent has been cleared represent them.
- The AG also removed the requirement that businesses offer an offline mechanism for filing Do Not Sell requests. Instead, businesses can direct users to their online service for managing those requests.
- There were additional clarifications around the upfront consent needed to use consumer data for explicit purposes and the user experience requirements for Do Not Sell requests.
Key Takeaways
The final round of CCPA clarifications skews business-friendly. Some of the more onerous requirements around the Do Not Sell requirement were eased or alleviated. With that said, it’s notable that businesses may now need to do more legwork when scoping their dealings with authorized agents purporting to represent California consumers. Perhaps the highest-level takeaway is that the CCPA text is actually finalized – at least until California returns to the ballot box on November 4, 2020 to vote on “CCPA 2.0”, The California Privacy Rights Act.
Per Future of Privacy Forum policy counsel Pollyanna Sanderson:
This essentially leaves the CCPA as a notice and consent regulatory model, with extra room for potentially coercive consent mechanisms.
Ethyca Team
Ethyca’s Second P.x Session: From 0 to Full DSR Automation in 15 Minutes
Read MoreEthyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Consent Management in Fides 2.0
Read MoreIntroducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Key Points From Ethyca’s First P.x Session
Read MoreEthyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
Seen And Heard At SOUPS 2022
Read MoreWe enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
How Do Software Engineers Feel About Data Privacy?
Read MoreAt Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
Convenience Is Not The End-Goal Of Privacy Legislation—In The UK Or Anywhere
Read MoreThe UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Ready to get started?
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo