Privacy News

California Attorney General Releases First Draft of CCPA Regulations

California Attorney General Releases First Draft of CCPA Regulations

On October 10, the California Attorney General released the first draft of the long-awaited Regulations for the implementation of the California Consumer Privacy Act (“CCPA”) slated to enter into force on January 1, 2020. On 24 pages, the Regulations fill in the blanks left by the CPPA to be completed by the AG but go way beyond that. In its five articles, the draft Regulations (“Regs”) provide guidance on topics such as Notices to Consumers, Business Practices for Handling Consumer Requests, Verification of Requests, and Special Rules Regarding Minors.

All of those chapters embrace a fairly detailed prescriptive approach that may foreclose the possibility of the market developing industry–specific, perhaps less burdensome ways of complying with the requirements of the CCPA. This may be the reason why the reaction of some early commentators was less than enthusiastic, referring to the Regs as a missed opportunity to speak in a language that business understands.

From the perspective of a commentator steeped in managing GDPR compliance two sections of the Regs call out for their surprising level of detail. One is Section 999.308 (Privacy Policy) that mirrors in many respects the transparency requirements espoused by the EDPB (Guidelines on Transparency under Regulation 2016/679, WP 260 rev.01) and provides detailed instructions as to the information required to be included for each of the types of Consumer Rights. The other segment of the Regs meriting special attention is its Chapter 4 that provides four pages of detailed instructions as to how to verify the authenticity of consumer requests, depending on the nature of the request and the sensitivity of the information at stake. While it is certainly possible to consider alternative solutions, the California regulator goes here well beyond the level of guidance provided by the EDPB or its constituent Supervisory Authorities.

The CA Attorney General has certainly stepped out boldly with this first draft of the CCPA Regs and put the industry on notion that it cannot cut-and-paste itself into compliance. As this is only the first salvo in a hard fought battle between industry lobbyists, consumer advocates and other stakeholders, it remains to be seen what the final shape of the Regs will be after December 6, the end of the comment period. Stay tuned California.

Similar Blog Posts

10th Enterprise User Meeting of 2B Advice was a complete success! 10th Enterprise User Meeting of 2B Advice was a complete success!

2B Advice invited to a personal group user meeting of the data protection management solution 2B Advice PrIME for the first time in three years on October 13, 2022.

New EuroPriSe Experts New EuroPriSe Experts

2B Advice proudly announces that 15 experienced legal and technical privacy professionals have been admitted as EuroPriSe Experts recently.

Children's Data Protection Children's Data Protection

California is safeguarding children's online information from exploitation by corporations by introducing the Age Appropriate Design Code Act requesting a Privacy Impact Assessment.


Blog Categories