California Consumer Privacy Act

If ain’t a sale don’t fix it?

Facebook told advertisers it doesn’t need to make changes to its web-tracking services to comply with CCPA.

Facebook maintains that routine data transfers about consumers may not fit the law’s definition of “selling” data. Other major competitors, have introduced new tools to comply with the law’s mandate to

Alastair Mactaggart, the proponent of the “CCPA 2.0” ballot initiative in California, has submitted to the Office of the Attorney General a revised version of the proposed “California Privacy Rights Act” (CPRA) that he hopes to place before voters on the November 2020 general election ballot.

Read my detailed analysis.

The Software Alliance filed comments to the California Attorney General on draft regulations to implement the California Consumer Privacy Act (CCPA) intended to avoid upsetting the business-service provider relationship set out in the statute.

Proposed revisions:
  • A service provider may use personal information received from a business or consumer to serve another entity when a

California’s Internet of Things (IoT) law, which goes into effect on January 1, will regulate organizations that manufacture (or contract with another company to manufacture) certain types of connected devices that are sold or offered for sale in California.

The law will require IoT device manufacturers to equip each connected device “with a reasonable security

A “sale” by any other name?

“We consider, and think the average consumer would consider, that when information is exchanged across devices and platforms, such that an ad follows the consumer from desktop to phone and from site to site, this constitutes a sale of their personal information from one business to another.”

Californians for

Prep for CCPA now, enjoy compliance later.

The Future of Privacy Forum’s Stacey Gray and Polly Sanderson’s comparison of two federal privacy bills shows that steps businesses are taking to comply with the CCPA will serve them well if a federal law is passed:

  • Revise your privacy notice; draft by category: Both bills require detailed

If at first you GDPR, CCPA, CCPA again.

A new CCPA fact sheet published by the California Attorney General provides a concise summary of the law and sets forth some steps that entities subject to GDPR may need to take to comply with CCPA.

This includes:

  • Additional data mapping to reflect the different requirements under

A new comprehensive federal privacy bill, the Consumer Online Privacy Rights Act (COPRA), has been introduced by Senate Commerce Committee Ranking Member Maria Cantwell (D-Wash.) and Senators Ed Markey (D-Mass.) Brian Schatz (D-Hawaii) and Amy Klobuchar (D-Minn.).

Key novel provisions per International Association of Privacy Professionals (IAPP) Research Director Caitlin Fennessy:

  • individual consent for data

The Digital Advertising Alliance has published guidance on the use of a tool for opt out requests under CCPA under its (voluntary) self-regulatory principles.

  • Both the entity that owns and operates the digital property and collects Personal Information directly from a consumer (publisher) and a third party that indirectly collects Personal Information through the