The Article 29 Working Party took the position that for an action to constitute profiling three elements must be met:

  1. An activity must involve “an automated form of processing;”
  2. An activity must be “carried out on personal data;”
  3. The objective of the activity must be “to evaluate personal aspects about a natural person.”1

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access and deletion requests

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses that sell personal information must report on the percentage of

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, if a business offers a do not sell my personal information

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access requests that the

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access requests that the

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Specifically, businesses must publicly report:

  • The number of access requests that the business received,