The California Attorney General and Los Angeles City Attorney last week jointly settled an enforcement action against a mobile gaming company (“the Company”) for alleged violations of the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and the state’s Unfair Competition Law. The city and
California AG
California Privacy Regulators Move Forward with Enforcement of the CCPA
Following on the heels of a California Superior Court’s last minute ruling that stayed enforcement of the revised California Consumer Privacy Act (CCPA) regulations, as previously discussed on this blog, California’s data privacy regulators have responded in ways that confirm they are more committed than ever to holding businesses accountable for alleged violations…
As the California Attorney General focuses on loyalty programs, what do companies need to remember?
The California attorney general (AG) celebrated data privacy day by doing an “investigative sweep” of the loyalty programs of retailers, supermarkets, home improvement stores, travel companies, and food service companies, and sending out notices of non-compliance to businesses that the AG’s office believes might not be fully compliant with the CCPA. As the…
Global Privacy Control Endorsed by California AG – Next Steps
In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –…
Loose files are driving me crazy! What does the California Attorney General have to say about providing unstructured data in response to access requests?
During the rulemaking process, the Office of the Attorney General was requested to clarify that a business is not required to search for, and produce, “unstructured data” such as paper records in response to an access request.1 The Attorney General declined the request, stating that the exclusion of “all unstructured data is not as…
How much control do companies have over how affiliate sharing is classified? Can corporate affiliates that share common branding choose whether they want to be a unified business under the CCPA?
Probably not.
Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size…
Does the $25 million threshold to be considered a business refer to revenue generated in the state of California or worldwide?
In order for an entity to be considered a business, and hence regulated by the CCPA, it must satisfy at least one of three thresholds. One such threshold is whether the business has “annual gross revenue in excess of twenty-five million dollars.”[1]
The CCPA does not specify whether the gross revenue threshold refers to…
Is an IP address considered personal information?
Maybe.
Personal information is defined by the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”[1] While the Act provides a list of examples of personal information – which explicitly includes “Internet Protocol Address” –…
Does the CCPA require businesses that develop software or online browsers to provide consumers a user-enabled privacy control?
No.
The regulations implementing the CCPA require that in-scope businesses must provide two or more designated methods of submitting requests to opt-out, including an interactive form accessible via a clear and conspicuous link titled “Do Not Sell My Personal Information,” on the business’s website or mobile application.[1]
In addition to the “DNSMPI” link noted…
The CCPA Regulations Are Final – Summary of OAL’s Changes
On August 14, 2020, the California Attorney General (AG) announced that the Office of Administrative Law (OAL) approved the California Consumer Privacy Act (CCPA) regulations, which will take effect immediately. The OAL’s approval concludes the expedited review process requested by the AG on June 1. For more information on the review process, see GT’s June…