“In California we are rebalancing the power dynamic by putting power back in the hands of consumers. I encourage all Californians to take a moment to understand their new rights and exercise these rights to take control of their personal data,” wrote California Attorney General Xavier Becerra.

“Becerra has issued an advisory for consumers highlighting

“Adequacy” seems to be the hardest word.

On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.?

This question

On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out.

AB 713, reported favorably by the California Senate Health Committee, would expand the exemption related to HIPAA and medical research.

Specific carve-outs:
  • De-identified PHI or medical information, provided that the business does not attempt nor actually re-identify

“Though it’s hard to predict what will happen with regard to a federal privacy bill in 2020, the reality is that the CCPA is here and other states will surely follow,” writes Jedidiah Bracy of the International Association of Privacy Professionals.

“In addition to driving policy talks in the nation’s capital, the CCPA may also

The Digital Advertising Alliance (DAA) announced that its web- and app-based tools are expected to go live on Jan. 1, 2020, as the California Consumer Privacy Act (CCPA) takes effect.

The web-based tool will enable consumers to express an opt out from sale of their personal information, including its use for interest-based advertising, by companies

California Attorney General Xavier Becerra released the title and summary for the CCPA 2.0 ballot initiative, the California Privacy Rights Act.

Key provisions:
  • Right to amend inaccurate information
  • Right to restrict the use of “Sensitive Personal Information” which includes finances, race, biometric information or information revealing health status or precise location.
  • Data minimization (collect only

A sale by any other name, part 2.

Consumer rights advocates want the California Attorney General to clarify the definition of “sale.”

“The Attorney General should promulgate regulations reflecting that the transfer of data between unrelated companies for any commercial purpose falls under the definition of sale, so that consumers can opt-out of the sharing

“If you’re going to see real enforcement — aggressive, early, decisive enforcement action — early on, it will deal with kids,” said California Attorney General Xavier Becerra, speaking during a news conference

Additional key takeaways:

Enforcement priorities:

  • Sensitive information like health data, Social Security numbers and dating patterns
  • Children’s information (parental consent for under 13

If ain’t a sale don’t fix it?

Facebook told advertisers it doesn’t need to make changes to its web-tracking services to comply with CCPA.

Facebook maintains that routine data transfers about consumers may not fit the law’s definition of “selling” data. Other major competitors, have introduced new tools to comply with the law’s mandate to