Skip to main content

Additional CCPA Regulations Proposed by California AG

by Chris Brook on Monday August 22, 2022

Contact Us
Free Demo

The potential updates to the data privacy law build off of others proposed in October.

California's Attorney General again is proposing some changes to how the California Consumer Privacy Act is regulated.

In a document published last week, California's AG Xavier Becerra - President-elect Joe Biden's nominee for secretary of health and human services – outlined some proposed additional modifications to certain provisions of the approved CCPA regulations.

While the CCPA - the United States' premier state privacy law - went into effect earlier this year, California's Office of Administrative Law (OAL) didn't approve the regulations regarding the law via the Department of Justice until August 14, 2020.

The recommended changes build off of updates proposed back in October regarding consumer opt out requests. Those interested in submitting a comment for the proposed regulations have until 5 p.m. on December 28.

The first proposed modification involves how data is collected from consumers offline. In October the AG proposed that "a business that collects personal information in the course of interacting with consumers offline shall also provide notice by an offline method that facilitates consumers’ awareness of their right to opt-out."

Now the AG is proposing businesses inform consumers of their right to opt out, either via a sign in an area where personal information may be collected or orally, if on a call. From there, consumers can view the notice online instead of having it read to them or having to read it in person somewhere.

The second proposed modification is a new one but should sound familiar to anyone who tracked CCPA regulations in the early goings. It involves the use of a website button that by clicking will allow individuals to request to opt out of the sale of their personal information.

“The following opt-out button may be used in addition to posting the notice of right to opt-out, but not in lieu of any requirement to post the notice of right to opt-out or a 'Do Not Sell My Personal Information' link," the modified regulation reads.

Do not sell my info

Previous draft regulations included an opt-out button that would have informed companies individuals weren't interested in having their personal information sold. The opt out button was ultimately scrapped in March amid a round of CCPA amendments. At the time, critics of the button suggested it would cause more confusion than clarity; we’ll see if it sticks around this time.

Of course, whatever regulations wind up moving on, they'll be temporary. The state's latest data privacy bill, the California Privacy Rights Act, is set to replace the CCPA in two years.

Tags:  Compliance

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.