The California Privacy Rights Act is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in California may change if voters enact CPRA. The CPRA would significantly amend the CCPA. Included in this blog post is a summary of key additions and modifications to the CCPA’s existing obligations.
Businesses spent the latter months of 2019 working hard to prepare for the January 1, 2020 implementation of the California Consumer Privacy Act. Months later, those businesses still are uncertain of their full range of potential compliance obligations because the California Attorney General’s CCPA implementing regulations are still not final. As businesses refine their CCPA compliance programs, they should also be aware that privacy rules in California could again change before the end of this year if the California Privacy Rights Act ballot initiative is approved by voters. Both the regulations and the CPRA are subject to complicated administrative processes that could affect their adoption and implementation, as described in this post.
On Wednesday April 15, Hogan Lovells and Ankura hosted a webinar about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice was joined by senior directors from Ankura to share best practices and perspectives. The webinar recording and slides are now available on our blog.
On March 11, The California Attorney General released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act. These modifications update the initial draft regulations published on October 11, 2019 as well as the first set of modified draft regulations published on February 10, 2020. The second set of modifications contain a small number of impactful changes, which we summarize in this post.
On February 20, the Hogan Lovells Privacy and Cybersecurity team addressed key changes in the California Attorney General’s modified draft CCPA regulations. The webinar recording and slides are now available on our blog.
Please join us on Thursday, February 20 for a webinar discussion with Hogan Lovells Privacy and Cybersecurity partners to address key changes in the California Attorney General’s modified draft CCPA regulations.
Please join us on Thursday, February 27 for a webinar discussion with Hogan Lovells attorneys Michelle Kisloff, Michael Maddigan, Adam Cooke, and Vassi Iliadis about the CCPA’s litigation impact and strategies for defending your interests.
On November 14, 2019, the Hogan Lovells Privacy and Cybersecurity team provided an important CCPA update. The webinar recording and slides are now available on our blog.
Please Join us on Thursday, November 14 for a webinar discussion with Hogan Lovells Privacy and Cybersecurity partners Mark Brennan and Tim Tobin of how changes to the California Consumer Privacy Act (CCPA) enacted over the past year and the California Attorney General’s proposed regulations may impact your CCPA compliance efforts.
On October 17, 2019, the Hogan Lovells Privacy and Cybersecurity team discussed key elements of the California Attorney General’s proposed regulations implementing certain provisions of the California Consumer Privacy Act. The webinar recording and slides are now available on our blog.
On October 22, the Interactive Advertising Bureau, a media and marketing industry trade group, released for public comment the California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies and accompanying technical specifications to implement the Framework. The draft Framework is designed to help Framework participants (including publishers and intermediaries) comply with the California Consumer Privacy Act by: (1) establishing a digital signal that Framework participants can use to communicate consumer requests to opt out of “sales” of personal information associated with digital advertising; and (2) supporting that signal with a standard contract designed to create service provider relationships between publishers and advertising companies after a consumer registers an opt out. The IAB is requesting comments, which can be sent to email@example.com, by November 5, 2019.
Please join Hogan Lovells on October 17 for a webinar discussion of the much-anticipated proposed CCPA regulations released by the California Attorney General. The Hogan Lovells team will discuss the proposed requirements and how they would impact privacy notices, individual rights, financial incentive programs, and contracting strategies. We will also discuss steps you can take to develop reasonable and defensible CCPA compliance strategies by January 1, 2020.
On October 10, California Attorney General Xavier Becerra released proposed regulations to implement certain provisions of the California Consumer Privacy Act. The proposed regulations would create many new requirements. They provide clarifications to businesses and consumers in five key CCPA areas as summarized within this post.
Since the California Consumer Privacy Act’s hasty passage in June last year and minor changes last September, the CCPA has vexed businesses working on compliance. Among many practical challenges, the CCPA often includes inconsistent or ambiguous requirements that have been an obstacle to implementing clear compliance strategies. Businesses, some academics, and various legislators thought that further amendments were needed to make the CCPA work effectively and accomplish its objectives. Over the past several months, the California legislature debated several amendments, eventually passing five bills, which now sit on the Governor’s desk. These bills collectively do not provide the sweeping changes sought by businesses. Instead amendments make minor tweaks and postpone for a year some of the more challenging requirements.
Join us on Thursday 19 September for the Hogan Lovells Privacy and Cybersecurity KnowledgeShare in London. We will share our latest thinking on the key privacy and cybersecurity issues faced by those with data protection responsibilities within organisations. Our all-day event will cover a lot of ground through incisive quick-fire presentations, Q&A panels and hands-on workshops.
On June 20, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen discussed in great detail the impact of the law, explained key definitions, and offered practical guidance on how to navigate it during the webinar, “Operationalizing the California Consumer Privacy Act.” More than 600 live attendees participated and were able to hear Mark and Bret cover how to determine whether businesses are covered, how to account for opt-outs from sales to third parties, the content and timing of CCPA notices, how to apply the CCPA’s exceptions, and more.
Please join the Hogan Lovells Privacy and Cybersecurity team and LexisNexis on June 19 for the webinar, Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies.
Please join the Hogan Lovells Privacy and Cybersecurity team on May 15 for our webinar, Hacking 101: How it Works and How to Mitigate Risk. We will explore how certain common hacks work from a technical perspective and how to mitigate related risks from a legal and compliance perspective.
A number of legislative proposals seeking to amend the California Consumer Privacy Act are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in which the bills were approved. The bills will now advance to the Assembly’s Appropriations Committee before being voted on by the full Assembly and potentially advancing to the California Senate for consideration.
A bill introduced to amend the California Consumer Privacy Act of 2018 (“CCPA” or the “Act”) could greatly expand the risks to businesses that collect the personal information of California consumers. Senate Bill 561 (“SB 561”) would expand the CCPA’s private right of action to any violation of a consumer’s CCPA rights, remove the existing 30-day cure period, and eliminate businesses’ right to consult the AG’s office regarding compliance. SB 561 would not impact the CCPA’s current effective date of January 1, 2020.
Much of the focus on the California Consumer Protection Act (“CCPA”) has been on the new rights that it affords California consumers, including the rights to access, delete, and opt out of the sale of their personal information. But arguably the greatest risk to covered businesses involves data security, as the CCPA creates for the first time a private right of action with substantial statutory penalties for breaches involving California consumers’ personal information. This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk.
The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline. Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to further the purposes of the CCPA. The CCPA sets out seven specific areas for AG rulemaking.
The California Attorney General Xavier Becerra and the California Department of Justice will hold six public forums about the California Consumer Privacy Act (CCPA) that are open to all members of the public. These public forums are being held pursuant to Section 1798.185 of the CCPA, which requires the Attorney General to “solicit broad public participation and adopt regulations to further the purposes” of the CCPA.
One of the most controversial elements of the California Consumer Privacy Act (“CCPA”) is the establishment of an “anti-discrimination” right – businesses may not “discriminate” against consumers for exercising certain rights under the CCPA, and they will need to assess whether and how they can require consumers to accept certain data practices as a condition of service. Compliance would be challenging even if the provision were articulated clearly, but as we have discussed in this blog series, the accelerated drafting process and passage of the CCPA earlier this year left little time for public comment and responsive amendments. As a result, the law includes a series of ambiguities that complicate compliance, and nowhere is that more apparent than in the anti-discrimination provision.
This entry in Hogan Lovells’ ongoing series on the CCPA focuses on the law’s anti-discrimination clause, its ambiguities and potentially contradictory provisions, and impact on businesses.