Some thoughts from the interactive ad industry on CCPA compliance from a new IAB CCPA Benchmark survey.

  • Allowing the placement of third party trackers for the purpose of advertising is likely a sale.
  • Participants down the advertising chain are sometimes “businesses,” sometimes “service providers” and sometimes “third parties.”
  • Many give CCPA rights to individuals outside

California lawmakers recently passed legislation that amends the California Consumer Privacy Act.

“The most significant outcome of AB 713’s passage is that, pending California Gov. Gavin Newson’s signature, information that is deidentified is exempt from regulation under the CCPA if the information is (1) derived from patient information that is protected under HIPAA, the California

The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic.

Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include:

  • Controller and processor obligations
  • Right of correction
  • Provisions regarding profiling

The International Association of Privacy Professionals (IAPP) has put together a helpful tracker of CCPA amendments.

There are currently five amendments in play, including amending the definition of de-identification and extending the employee and B2B carve outs until January 2022 if the California Privacy Rights Act (CPRA), which is on the CA ballot, doesn’t pass.

Comments to the final California Consumer Privacy Act regulations asked if the  CCPA carve-out regarding the Gramm Leach Bliley Act (GLBA), the data protection law governing US financial institutions, applies to:

  1. Financial institutions under GLBA
  2. Service providers that must comply with GLBA
  3. Sources of information that are subject to GLBA
The California Attorney General’s Answer:

The California Privacy Rights Act (CPRA) is going on the November ballot and, if passed, will bring California data protection law closer to the European Union’s General Data Protection Reguation (GDPR), implementing concepts such as:

  • data minimization
  • retention limitation
  • sensitive information limitation
  • data protection risk assessments; and
  • strong buttoning down of downstream service providers

This

On the first day the California Consumer Privacy Act became enforceable, California Attorney General Xavier Becerra issued the following public statement:

“Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America. We encourage every Californians to know their rights to internet privacy and every business to know

The California Privacy Rights Act (CPRA) is on its way (if approved by voters in November), but what does this mean for you?

  •  First: Assess your core California Consumer Privacy Act (CCPA) compliance, enforcement starts tomorrow. July 1, 2020.
  • Second: Look beyond the consumer facing CCPA “must haves” and button down other CCPA