What do the proposed draft CCPA regulations mean for your…privacy notices?
- Still need four notices: notice at collection, notice of opt out (if you sell), privacy notice and notice of financial incentive (if you have it)
- Notices must meet WCAG 2.1 accessibility requirements
- May use for a purpose different than those listed unless materially different
- Don’t need to list source or purpose of collection for each category of information
- Need to describe category, source and third parties in a manner that would be meaningful for consumers
Notice at Collection
- Should be readily available at point of collection (whether online, offline or on mobile)
- If you collect information from a consumer’s mobile device for unexpected purpose, add just-in-time notice with the purposes and link to your notice
- No “do not sell” button for employee notice at collection
Notice of Opt Out
- Can use suggested opt-out button
- If you don’t have an opt-out notice but collect personal information, you can’t sell it without affirmative opt in
- Still need to describe the categories of third parties to whom information was sold or disclosed, by category of information collected
For an in-depth analysis of the revised regulations, read my detailed analysis.