California Attorney General Issues Second Year CCPA Enforcement Report: Key Takeaways

Yes, your privacy notice does need to be “that good.” If it isn’t, the California Attorney General’s Office might come knocking.

Here are some key points from the AG’s second year enforcement report:

Get Those Global Privacy Controls. Period.

You can’t use web tracking technologies to make consumers’ personal information available to third parties in exchange for services like advertising or analytics, without offering an opt-out mechanism or ensuring the third party is a CCPA-compliant service provider. There is a specific emphasis on not recognizing/using Global Privacy Control.

Privacy Notice Deficiencies The notice must be easy to read or understandable to the average consumer.You must include a notice of CCPA consumer rights and whether or not you sell information (with clear disclosures).You must describe the information a consumer must provide in order to make a verifiable consumer request.You must list the categories of personal information collected or disclosed in the past twelve months.If you are a service provider and a business for some processes, you must make this clear in your notice. Consumer Rights You can’t require people to accept TOS and privacy policy as a condition to exercising rights.You can’t limit the exercise of rights to once per 12 months.You can’t force people to take additional steps to opt-out by directing consumers to a third-party trade association’s tool designed to manage online advertising.You can’t use a double negative.You have to use simple language.Simple, easy to understand toggles are better than confusing drop down menus.It can’t be unclear if

Read more

Explore the site

More from the blog

Latest News