Topic: CCPA

Court delays new California privacy regulations

By David Kessler (US) and Susan Ross (US) on July 1, 2023 Posted in CCPA

On June 30, 2023—the day before the regulations were scheduled to go into effect—the Superior Court of California halted the enforcement of the California regulations that had been finalized on March 29, 2023 until March 29, 2024. (California Chamber of Commerce v. California Privacy Protection Agency, No. 34-2023-80004106-CU-WM-GDS (Cal. Super. June 30, 2023) (minute order).) … Continue reading

Validating State Privacy Law Opt-Out Signals

By Steve Roosa (US) and Daniel Rosenzweig (US) on March 29, 2023 Posted in CCPA, Data Protection, Privacy law

State privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. But if you have implemented an opt-out, how do you know it actually works? Read the full NT Analyzer blog, “Validating State Privacy Law Opt-Out Signals.”… Continue reading

Maybe This Time : Federal Government Proposes the American Data Privacy and Protection Act

By Anna Rudawski (US), Chris Cwalina (US) and David Kessler (US) on June 8, 2022 Posted in CCPA, Compliance and risk management, Privacy law

On Friday, June 3, 2022, the Senate and House released a draft of the American Data Privacy and Protection Act, (ADPPA), a watershed privacy bill that would introduce a federal standard. Currently, a hodgepodge of industry-specific and state laws make up the backbone of American privacy regulations and rights, so a national framework for privacy … Continue reading

CPRA Rulemaking Delayed – California Privacy Protection Agency Meets and Previews CPRA Rulemaking Timeline

By Anna Rudawski (US) and David Kessler (US) on February 17, 2022 Posted in CCPA, Compliance and risk management, Privacy law

On February 17, 2022 the California Privacy Protection Agency’s Board (“Board”) met to discuss their progress launching the new agency. They also shared their projected timeline for rulemaking. The California Privacy Protection Agency (CPPA) is the new agency charged with enforcing the California Privacy Rights Act (CPRA). The big news is that the Board … Continue reading

CCPA regulations: perhaps the fourth time is the charm

By David Kessler (US) and Susan Ross (US) on December 14, 2020 Posted in CCPA

Norton Rose Fulbright - Data Protection Report blog

On December 10, 2020, the California Attorney General proposed a fourth set of modifications to the California Consumer Privacy Act (CCPA) regulations, in response to comments received regarding the October proposed modifications. (We had written about the October proposals here.)… Continue reading

California Massachusetts and Michigan – 2020 ballot initiatives on privacy

By David Kessler (US) and Susan Ross (US) on November 6, 2020 Posted in CCPA

The US elections on November 3, 2020 included three states with privacy-related ballot initiatives: California, Massachusetts, and Michigan. Voters supported all three initiatives.… Continue reading

Just when you thought it was safe—California AG issues proposed CCPA regulation changes

By David Kessler (US) and Susan Ross (US) on October 15, 2020 Posted in CCPA, Compliance and risk management

The California Attorney General has just issued some proposed revisions to the California Consumer Privacy Act (CCPA) regulations and our readers may be surprised by one of the proposed changes. You may recall that California’s Office of Administrative Law (OAL) had rejected some the proposed CCPA regulations during the summer, but accepted most of them. … Continue reading

CCPA – Health Research Bill Passes Legislature

By David Kessler (US), Susan Ross (US) and Anna Rudawski (US) on September 9, 2020 Posted in CCPA

Although the bill to amend the California Consumer Privacy Act (CCPA) to extend the so-called “B-to-B” and “employee” exceptions for one more year has garnered many headlines, the California legislature passed a second CCPA amendment (AB 713) that will be of interest to anyone involved in medical research as the new bill would ease some … Continue reading

California AG Issues Significant Changes to Draft CCPA Regulations as of March 2020

By Jeewon Kim Serrato (US) and Susan Ross (US) on April 9, 2020 Posted in CCPA

Data Protection Report - Norton Rose Fulbright

On February 7, 2020, and again on March 11, 2020, the Office of the Attorney General (OAG) issued revisions to the proposed California Consumer Privacy Act (CCPA) regulations, and there are some surprises in both the additions and in the deletions. For the CCPA regulations to become effective on July 1, the final regulation text … Continue reading

State of the Union: CCPA and Beyond in 2020

By Jeewon Kim Serrato (US) and Susan Ross (US) on January 13, 2020 Posted in CCPA

Data Protection Report - digital privacy, CCPA and cybersecurity

On New Year’s Day, you may have received emails from numerous companies saying their privacy policies have changed, or noticed a link at the bottom of many companies’ homepages stating “Do Not Sell My Info.” These are two of the more visible requirements of the California Consumer Protection Act (CCPA) and companies are still in … Continue reading

The Privacy Officers’ New Year’s Resolutions

By Marcus Evans (UK) and Janine Regan (UK) on January 6, 2020 Posted in CCPA, Compliance and risk management

1. Brace yourself (for export turbulence) 2020 could well be a year of data export turmoil – so brace yourself. The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems) whilst the General Court of the … Continue reading

Here We Go Again: Another Ballot Initiative for CCPA in 2020

By David Kessler (US) and Susan Ross (US) on December 2, 2019 Posted in CCPA

As companies get ready for the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, compliance is complicated because there are still several moving variables: Draft regulations have been proposed but may not be final until after January 1, 2020. The recent amendments to CCPA include two important exceptions (business-to-business (B2B) and the … Continue reading

California Governor signs all 5 CCPA amendments

By Jeewon Kim Serrato (US) and Susan Ross (US) on October 14, 2019 Posted in CCPA

On Friday, October 11, 2019, the California Governor signed all five of the California Consumer Privacy Act amendments that were awaiting his signature (AB 25, 874, 1146, 1355, and 1564) as well as an amendment to California’s data breach law (AB 1130). We had previously written about the impact on CCPA if all five amendments … Continue reading

Mic Drop: California AG releases long-awaited CCPA Rulemaking

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) and Max Kellogg (US) on October 11, 2019 Posted in CCPA, Compliance and risk management

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press … Continue reading

And then there were five: CCPA amendments pass legislature

By Jeewon Kim Serrato (US) and Susan Ross (US) on September 17, 2019 Posted in CCPA, Compliance and risk management, Enforcement

Executive Summary The wait is over: Only five CCPA amendments made it through the California legislature. The amendments are limited in scope, which means the CCPA will go into effect, largely intact, on January 1, 2020. The California legislative session for 2019 ended on September 13 and the following five amendments to the California Consumer … Continue reading

CCPA: “Wait and see” is not the right approach

By Chris Cwalina (US), David Kessler (US), Steve Roosa (US), Jeewon Kim Serrato (US) and Susan Ross (US) on August 29, 2019 Posted in CCPA, Compliance and risk management

We are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links … Continue reading

One-Month Countdown to Pass CCPA Amendments Begins

By Jeewon Kim Serrato (US) and Susan Ross (US) on August 12, 2019 Posted in CCPA, Compliance and risk management, Enforcement

On August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline. As previously reported, any amendment … Continue reading

Back At The Negotiating Table: CCPA Amendments Debate Continues

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US) and Anna Rudawski (US) on July 16, 2019 Posted in CCPA

In a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”). Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill … Continue reading

“What’s cooking” in Sacramento: CCPA’s “employee exception” bill is amended; “publicly available information” exception is broadened, and consumer access rights are clarified

By Jeewon Kim Serrato (US) and Susan Ross (US) on July 3, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s eleventh blog post in a series of CCPA blog posts. Stay tuned for additional posts on the CCPA. As America prepares for the Fourth of July holiday weekend, the California legislature continues to work on amending the California Consumer Privacy Act (“CCPA”), as it races to get modifications passed … Continue reading

Nevada, New York and other states follow California’s CCPA

By Jeewon Kim Serrato (US) and Susan Ross (US) on June 6, 2019 Posted in CCPA, Compliance and risk management

The US privacy law landscape continues to shift and evolve as state and federal privacy legislative proposals continue to be debated and become enacted. While CCPA-like bills in Washington and Texas failed to pass, Nevada passed its online privacy amendment and proposals in New York and Washington, DC appear to be gaining momentum.… Continue reading

CCPA: “Attorney General Amendment” Likely Dead

By David Kessler (US), Spencer Persson (US), Steve Roosa (US), Jeewon Kim Serrato (US) and Susan Ross (US) on May 17, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s ninth blog post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. On May 16, 2019, the California Senate Appropriations Committee held a hearing that included S.B. 561, the “Attorney General amendment” to the … Continue reading

GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019

By Jeewon Kim Serrato (US) and Daniel Rosenzweig (US) on February 27, 2019 Posted in CCPA, Compliance and risk management, Enforcement

This is the Data Protection Report’s eighth blog post in series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional posts on the CCPA. With significant enforcement activity and new laws being enacted or proposed since the start of the year, regulators in the EU and … Continue reading

Comments at CCPA public forum in Los Angeles highlight tensions between businesses and consumer rights groups

By Jeewon Kim Serrato (US) and Arleen Fernandez (US) on January 31, 2019 Posted in CCPA, Compliance and risk management

On January 25, 2019, the California Attorney General’s Office held a public forum in Los Angeles to solicit feedback on the California Consumer Privacy Act of 2018 (“CCPA”) as it prepares to draft regulations which must be adopted on or before July 1, 2020.… Continue reading

California Attorney General’s Office begins CCPA rulemaking process with first public hearing while Congress debates new federal privacy law

By Jeewon Kim Serrato (US) and Arleen Fernandez (US) on January 14, 2019 Posted in CCPA, Compliance and risk management

This is the Data Protection Report’s sixth post in a series of CCPA blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. The California Consumer Privacy Act of 2018 (“CCPA”), California’s new privacy law which takes effect on January 1, 2020, requires the Attorney General to … Continue reading