Photo of James G. Snell

James Snell represents and counsels clients on a wide range of complex commercial matters, including privacy and security, Internet, marketing and intellectual property litigation and matters.

The California Consumer Privacy Act of 2018 (CCPA) regulates a company’s offerings of financial incentives and price or service differences related to the collection, retention, or sale of personal information. Cal. Civ. Code Section 1798.125(a)(2); Final Text of CCPA Regulations, 999.301(j), 999.307, 999.336. Although the CCPA became effective on January 1, 2020, the regulations were not issued in final form until June 1, 2020. As a result, many companies are still in the process of developing their approach to complying with the CCPA’s requirements–particularly those that relate to financial incentives. If your company offers programs that may fall within the definition of “financial incentives” or “price or service differences,” you should be aware of the CCPA’s requirements related to those types of offerings, including the requirement to provide notice of the financial incentive and disclose a good faith estimate of the value of the consumer’s data that forms the basis of the offering. The California Attorney General is expected to begin enforcing the CCPA on July 1, 2020.

Continue Reading CCPA Compliance: Financial Incentives Requirements

The California Consumer Privacy Act (CCPA) went into effect three months ago, on January 1, 2020. Although enforcement by the California attorney general cannot begin until July 1, private plaintiffs have been able to bring claims under the law’s limited private right of action since the beginning of the year.

The CCPA is already having an impact on litigation. Two high-profile cases filed after January 1 directly allege violations of the CCPA and have attracted attention. Other cases that either allege CCPA violations or otherwise cite to the statute have received less notice. Even if the cases do not result in decisions that are binding on future litigants, the arguments are worth a look because they may signal trends for which privacy litigators should be prepared. To that end, this privacy quick tip aims to paint a broader picture of how the CCPA has been referenced in litigation and identify a few potential trends to keep an eye on.
Continue Reading CCPA in Litigation: 2018 to Present

The California Office of the Attorney General (OAG or Office) held the first two of its six public forums on January 8, 2019 in San Francisco and on January 14, 2019 in San Diego to solicit public comments and feedback in preparation for its rulemaking efforts under the California Consumer Privacy Act (CCPA). The OAG specifically welcomed comments across seven rulemaking categories that are included in the responsibility of the OAG:

  1. Categories of “personal information”
  2. Definition of “unique identifier”
  3. Exceptions to the CCPA
  4. Submitting and complying with requests
  5. The uniform opt-out logo or button
  6. What notices and information should businesses be required to provide to consumers
  7. Verification of consumers’ requests

In San Francisco, 14 speakers from businesses, nonprofit organizations, trade associations, universities, Perkins Coie and individual consumers sought clarifications to definitions in, and scope of, the statute and provided specific suggestions. In San Diego, a total of five speakers, including representatives from a trade association and a cybersecurity consulting firm, shared their input.
Continue Reading California AG Hosts the First Two Public Forums on California Consumer Privacy Act

Privacy policies are meant for a host of audiences, including consumers, regulators and advocates. One way to make your privacy policy more accessible to consumers is to include a short form privacy notice at the start of a policy. Short form notices deliver essential elements of how information is treated and protected, provide means to access the full policy, and often include essential privacy choices, such as opt-ins or opt-outs.
Continue Reading Should You Provide a Short Form Privacy Notice?