The California Attorney General released another set of proposed amendments to the regulations for the California Consumer Privacy Act (“CCPA”). See information page here. These amendments are expected to go into effect in early 2021. These new regulations will take effect and apply to the CCPA as currently enacted and will also apply to Proposition 24 when it becomes effective on January 1, 2023. Proposition 24 was a ballot initiative approved by California voters on November 3, 2020. Proposition 24 substantially amends the CCPA, expands consumer privacy rights and, generally, makes requirements for businesses more stringent.
The focus of these particular amendments is the mechanics of how consumers are to exercise their to “opt out” of having their personal information sold, shared or transferred to a business that did not collect the information. As a reminder, the CCPA requires businesses that collect personal information to provide consumers notice of what information is collected, what business purpose(s) the information is collected and will be used for and notice of to whom the information will be sold, shared or transferred. Further, the CCPA requires that most businesses obtain explicit consent for collecting and selling personal information and, as noted, businesses must provide an opportunity for consumers to “opt out.”
The “opt out” issue has been difficult for the competing business and advocacy interests to reconcile. Essentially, businesses do not like the “opt out” provision for several reasons. First, it is administratively cumbersome requiring businesses to segregate and separate their databases before sale or transfer or sharing. Second, having consumers opt out reduces the quantity of the data making it less valuable to buyers and/or business partners. Finally, the quality of the data may suffer if certain types of consumers turn out to be more likely than other types to opt out. As an analogy, consider targeted demographics for television ratings. Generally, advertisers “chase” younger viewers. Any technology that allows younger viewers to avoid the advertising reduces the value of the television audience. In a similar manner, if valued demographics like college-educated internet users tend to opt out of having their information collected more than other less-desired demographics, then the value of the whole data set degrades.
To avoid this, businesses were beginning to implement strategies to make it more difficult to opt out. The new set of proposed regulations issued for the CCPA is aimed at preventing that. Previous versions of the regulations also attempted to rectify the problem, but earlier versions of the regulations were withdrawn. Now the Attorney General is focusing on preventing businesses from interfering with the opt out provisions.
In summary, the amendments require the following:
- The opt out option must be “easy” — this means that the opt out option must be prominent, easy to locate on a website, must NOT have more steps than necessary for execution and must NOT require consumers to provide more information than necessary to execute
- Offline businesses that interact with consumers must provide the same sort of notice required for online businesses and must obtain the same types of consents — again, the opt out option must be “easy”
- Makes all notice and consent requirements (including opt out information) applicable online business chiefly dealing with children under the age of 15
For more information, contact the data privacy lawyers at Revision Legal at 231-714-0100.
