California Consumer Privacy Act

Time for a U.S. federal privacy law?

“U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation,” at 10:00 a.m. on Wednesday, September 23, 2020.

The hearing will examine the current state of consumer data privacy and legislative

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

Two bills dealing with processing COVID-19 data in California were referred to the Senate Appropriations Committee.

Assembly Bill 660 prohibits data collected, received or prepared for purposes of contact tracing from being used or disclosed for any purpose other than facilitating contact tracing efforts. It also requires the data collected to be deleted within 60

In the wake of the UK A-Level algorithm fallout, the U.S. National Institute of Standards and Technology (NIST) has published a report, for public comment, on the Four Principles of Explainable Artificial Intelligence.

“AI is becoming involved in high-stakes decisions, and no one wants machines to make them without an understanding of why,” said NIST

The California Attorney General has announced that the state’s Office of Administrative Law (OAL) granted its approval of final regulations under the California Consumer Privacy Act (CCPA). They are effective immediately.

The AG stated: “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy. These rules guide consumers

The International Association of Privacy Professionals (IAPP) has put together a helpful tracker of CCPA amendments.

There are currently five amendments in play, including amending the definition of de-identification and extending the employee and B2B carve outs until January 2022 if the California Privacy Rights Act (CPRA), which is on the CA ballot, doesn’t pass.

Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”

The California Attorney General replied: Maybe, depending on the context.

  • A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
  • If a session cookie cannot be used to recognize a consumer, family

Commenters to the final California Consumer Privacy Act (CCPA) regulations asked if it is possible to provide information about, and access to the “Do not Sell” link and/or opt out opportunity in the privacy notice?

The California Attorney General’s answer: No.

  • The notice of right to opt out is a separate obligation from the CCPA’s

Commenters on the final California Consumer Privacy Act (CCPA) regulations asked if a company gives you a product without charge but in consideration for your information,  could that still be deemed a financial incentive requiring the company to calculate and disclose the value of the consumer’s data?

The California Attorney General’s answer: Yes.

  • If you