In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –

During the rulemaking process, the Office of the Attorney General was requested to clarify that a business is not required to search for, and produce, “unstructured data” such as paper records in response to an access request.1 The Attorney General declined the request, stating that the exclusion of “all unstructured data is not as

Probably not.

Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size

In order for an entity to be considered a business, and hence regulated by the CCPA, it must satisfy at least one of three thresholds. One such threshold is whether the business has “annual gross revenue in excess of twenty-five million dollars.”[1]

The CCPA does not specify whether the gross revenue threshold refers to

Maybe.

Personal information is defined by the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”[1] While the Act provides a list of examples of personal information – which explicitly includes “Internet Protocol Address” –

No.

The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]

In addition to the “DNSMPI” link noted

On August 14, 2020, the California Attorney General (AG) announced that the Office of Administrative Law (OAL) approved the California Consumer Privacy Act (CCPA) regulations, which will take effect immediately. The OAL’s approval concludes the expedited review process requested by the AG on June 1. For more information on the review process, see GT’s June

Following much anticipation, the Office of the California Attorney General (OAG) moved one step closer to the California Consumer Privacy Act (CCPA)’s wide-ranging implementing regulations becoming enforceable by law by filing the final CCPA Regulations with the California Office of Administrative Law (OAL) on June 1.

The CCPA grants the OAG the authority to begin

Today, the California Office of the Attorney General (OAG) released a second set of modifications to its proposed California Consumer Privacy Act (CCPA) Regulations.

The proposed regulations were first published and noticed for public comment on October 11, 2019. On February 10, 2020, the OAG released modifications to the proposed regulations based on the earlier

Today, the California Office of the Attorney General (OAG) released much-anticipated revisions to its proposed implementing regulations to the California Consumer Privacy Act (CCPA).

The following were issued by the OAG on its website:

  • A notice of modifications to the text of the proposed regulations;
  • A redlined version of the revised regulations, showing the