2B Advice
TEL: +1 (858) 366-9750
FREE DOWNLOAD
Privacy News

California Attorney General Releases First Draft of CCPA Regulations

California Attorney General Releases First Draft of CCPA Regulations

On October 10, the California Attorney General released the first draft of the long-awaited Regulations for the implementation of the California Consumer Privacy Act (“CCPA”) slated to enter into force on January 1, 2020. On 24 pages, the Regulations fill in the blanks left by the CPPA to be completed by the AG but go way beyond that. In its five articles, the draft Regulations (“Regs”) provide guidance on topics such as Notices to Consumers, Business Practices for Handling Consumer Requests, Verification of Requests, and Special Rules Regarding Minors.

All of those chapters embrace a fairly detailed prescriptive approach that may foreclose the possibility of the market developing industry–specific, perhaps less burdensome ways of complying with the requirements of the CCPA. This may be the reason why the reaction of some early commentators was less than enthusiastic, referring to the Regs as a missed opportunity to speak in a language that business understands.

From the perspective of a commentator steeped in managing GDPR compliance two sections of the Regs call out for their surprising level of detail. One is Section 999.308 (Privacy Policy) that mirrors in many respects the transparency requirements espoused by the EDPB (Guidelines on Transparency under Regulation 2016/679, WP 260 rev.01) and provides detailed instructions as to the information required to be included for each of the types of Consumer Rights. The other segment of the Regs meriting special attention is its Chapter 4 that provides four pages of detailed instructions as to how to verify the authenticity of consumer requests, depending on the nature of the request and the sensitivity of the information at stake. While it is certainly possible to consider alternative solutions, the California regulator goes here well beyond the level of guidance provided by the EDPB or its constituent Supervisory Authorities.

The CA Attorney General has certainly stepped out boldly with this first draft of the CCPA Regs and put the industry on notion that it cannot cut-and-paste itself into compliance. As this is only the first salvo in a hard fought battle between industry lobbyists, consumer advocates and other stakeholders, it remains to be seen what the final shape of the Regs will be after December 6, the end of the comment period. Stay tuned California.

Similar Blog Posts

Austrian Supervisory Authority Issues Record Breaking to Post AG Austrian Supervisory Authority Issues Record Breaking to Post AG

The Austrian Datenschutzbehoerde, the national independent Austrian Supervisory Authority has imposed an 18 Million Euro fine against the Austrian Post AG.

Data protection authorities may prohibit the operation of fan pages Data protection authorities may prohibit the operation of fan pages

In a clarifying ruling, the Federal Administrative Court has further defined the responsibilities of an operator of a Facebook fan page.

ALL BLOG POSTS IN THIS CATEGORY

Blog Categories

Questions?

CONTACT

2B Advice LLC
7220 Avenida Encinas STE 208
92011 San Diego CA

Tel: +1 858 366 9750
Email: sandiego@2b-advice.com

Thanks for contacting us! One of our representatives will be in contact with you shortly regarding your inquiry.