In a potentially significant development for companies subject to the California Consumer Privacy Act, as amended (CCPA), on Feb. 9, California’s Third District Court of Appeal overturned a Superior Court decision issued in June 2023 that had stayed the enforcement of new CCPA regulations finalized by the California Privacy Protection Agency (CPPA), first-in-the-nation privacy regulator
California Privacy Regulators Move Forward with Enforcement of the CCPA
Following on the heels of a California Superior Court’s last minute ruling that stayed enforcement of the revised California Consumer Privacy Act (CCPA) regulations, as previously discussed on this blog, California’s data privacy regulators have responded in ways that confirm they are more committed than ever to holding businesses accountable for alleged violations…
Enforcement of CCPA, As Amended, Now Begins; Revised Regulations To Be Enforced March 29, 2024
On June 30, 2023, the Superior Court for the County of Sacramento issued a minute order enjoining the California Privacy Protection Agency (CPPA or Agency) from enforcing updates to the existing CCPA regulations until March 29, 2024, twelve months after they were finalized. However, the Agency’s enforcement of the CCPA, as now amended by the California…
Under the CCPA, can a service provider use personal information for its own purposes if it deidentifies or aggregates it?
The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”[1] That prohibition, however, may not apply to information once…
California Proposed Privacy Regulations Would Impose Significant Compliance Costs on Business
On July 8, 2022, the California Privacy Protection Agency (“CPPA”) released proposed regulations to implement the California Privacy Rights Act (“CPRA”). The new proposals would dramatically change the existing regulations that apply to organizations that do business in California.
Click here to read the full article, published by the Washington Legal Foundation Aug. 19, 2022.
New California Privacy Regulator Invites Feedback to Proposed Rules under the California Privacy Rights Act
The California Privacy Protection Agency (the “Agency” or CPPA), the new California state agency created under the California Privacy Rights Act of 2020 (CPRA) to oversee and enforce the California Consumer Privacy Act (CCPA) and the CPRA, has recently called for preliminary public comments on a proposed rulemaking under the CPRA. See the invitation from…
Does the CCPA adopt a specific standard for deidentifying information?
No.
The CCPA defines “deidentified” data as information that “cannot reasonable identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.”1 A number of individuals and entities requested that the Office of the California Attorney General provide guidance as to what steps should be…