2B Advice
TEL: +1 (858) 366-9750
Privacy News

California Attorney General Releases First Draft of CCPA Regulations

California Attorney General Releases First Draft of CCPA Regulations

On October 10, the California Attorney General released the first draft of the long-awaited Regulations for the implementation of the California Consumer Privacy Act (“CCPA”) slated to enter into force on January 1, 2020. On 24 pages, the Regulations fill in the blanks left by the CPPA to be completed by the AG but go way beyond that. In its five articles, the draft Regulations (“Regs”) provide guidance on topics such as Notices to Consumers, Business Practices for Handling Consumer Requests, Verification of Requests, and Special Rules Regarding Minors.

All of those chapters embrace a fairly detailed prescriptive approach that may foreclose the possibility of the market developing industry–specific, perhaps less burdensome ways of complying with the requirements of the CCPA. This may be the reason why the reaction of some early commentators was less than enthusiastic, referring to the Regs as a missed opportunity to speak in a language that business understands.

From the perspective of a commentator steeped in managing GDPR compliance two sections of the Regs call out for their surprising level of detail. One is Section 999.308 (Privacy Policy) that mirrors in many respects the transparency requirements espoused by the EDPB (Guidelines on Transparency under Regulation 2016/679, WP 260 rev.01) and provides detailed instructions as to the information required to be included for each of the types of Consumer Rights. The other segment of the Regs meriting special attention is its Chapter 4 that provides four pages of detailed instructions as to how to verify the authenticity of consumer requests, depending on the nature of the request and the sensitivity of the information at stake. While it is certainly possible to consider alternative solutions, the California regulator goes here well beyond the level of guidance provided by the EDPB or its constituent Supervisory Authorities.

The CA Attorney General has certainly stepped out boldly with this first draft of the CCPA Regs and put the industry on notion that it cannot cut-and-paste itself into compliance. As this is only the first salvo in a hard fought battle between industry lobbyists, consumer advocates and other stakeholders, it remains to be seen what the final shape of the Regs will be after December 6, the end of the comment period. Stay tuned California.

Similar Blog Posts

Data Privacy vs Security: Common Misconceptions Data Privacy vs Security: Common Misconceptions

Privacy is often associated with security in popular literature and the media, consumers assume that they are the same thing, when they are not.

What is Privacy Software? What is Privacy Software?

Data protection requirements have become so complex that even small and medium-sized companies need a data protection tool.

Cybersecurity and Privacy Solutions in Smart Cities Cybersecurity and Privacy Solutions in Smart Cities

The impact of privacy law on Smart Cities application is discussed, as is the potential for off specification data collection that may be a target for hacking.


Blog Categories



2B Advice LLC
7220 Avenida Encinas #208
Carlsbad, California, USA

Tel: +1 (858) 366 9750

Please enter the text you see below:

Another Image
Thanks for contacting us! One of our representatives will be in contact with you shortly regarding your inquiry.