On October 10, 2019, the California attorney general’s office released the long-awaited proposed regulations to the California Consumer Privacy Act (CCPA), which can be found here. The regulations are detailed and cover a lot of ground with respect to notice to consumers, handling and verifying consumer requests, rules regarding minors, and non-discrimination. Continue Reading The CCPA Proposed Regulations Are Finally Here
On Friday the 13th of September 2019—the last day of California’s Legislative Session—California lawmakers updated, finalized and sent six bills that would amend the California Consumer Privacy Act (CCPA) to Governor Newsom’s desk for signature. Despite months of efforts from various groups, the CCPA made it through the legislative session with relatively fewer changes than expected.
This update provides a brief overview of the six bills that made it out of both houses and how they will amend the CCPA. Read the full update here.
The CCPA grants consumers the right to request deletion of any personal information which a business has collected from the consumer. Cal. Civ. Code § 1798.105. It also requires a business to fulfill deletion requests, and to direct service providers to do the same, within 45 days of receiving a “verified” or “verifiable” request from the consumer. Cal. Civ. Code § 1798.140(y).
As we approach the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, brick-and-mortar businesses that increasingly engage with consumers online will have to begin their compliance efforts. However, two challenges unique to brick-and-mortar businesses might hamper these efforts: (1) providing required disclosures to consumers before or at the point of data collection; and (2) knowing your data in a multi-channel environment.
Is your business ready for the California Consumer Privacy Act?
The California Consumer Privacy Act (“CCPA”) is a sweeping new law that introduces a host of privacy rights for California consumers, as well as creates a series of robust obligations for certain businesses that collect personal information about those consumers.
Join us for CCPA Week: A series of webinars hosted by Perkins Coie’s Privacy & Data Security practice focused on getting your business ready to comply with this enigmatic statutory scheme. Attendees will receive an overview of the current state of legislative amendments, insight into the high burden of persuasion industries may face, and guidance on leveraging existing compliance and governance programs to build a global privacy program that incorporates responsible data usage and proactive privacy practices. Continue Reading Perkins Coie’s CCPA Week
The California Consumer Privacy Act (CCPA) imposes new transparency and disclosure obligations on businesses’ use, sale, and disclosure of consumer information. Businesses will need to honor requests from consumers to access their personal information, delete their personal information, and opt out of the sale of their personal information. “Personal information” is more broadly described in the CCPA than in any prior statute: that is, “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
At the core of complying with the CCPA is knowing how to deal with consumer’s requests with respect to any of the eight rights regarding their personal information (PI), which are:
- An abbreviated right to disclosure regarding PI collected (§1798.100)
- An expanded right to disclosure regarding PI collected (§1798.110(a))
- Right to disclosure regarding PI sold or disclosed for a business purpose (§1798.115)
- Right to opt-out of sale of PI (§1798.120)
- Right to opt-in for sale of minor’s PI (§1798.120(c))
- Right to deletion of PI collected (§1798.105)
- Right to access PI (§1798.100(d))
- Right to not be discriminated against (§1798.125)
Does your company use chatbots to interact with customers online? If so, California’s new Autobot Law, Cal. Bus. & Prof. Code § 17940, et seq. (SB 1001) goes into effect July 1, 2019 and may affect your business. As the nation’s first autobot regulation, SB 1001 makes it unlawful “to use a bot to communicate or interact with another person in California online, with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction or to influence a vote in an election.”
- A description of a consumer’s right to disclosure regarding the personal information (“PI”) that the business has collected about the consumer, a consumer’s right to disclosure regarding the business’s sale of her or his PI, and a consumer’s right not to be discriminated against for exercising any rights under the CCPA [Cal. Civ. Code §1798.130(a)(5)(A)];
- Categories of PI collected, sold, or disclosed in the preceding 12 months [Cal. Civ. Code §1798.130(a)(5)(B)&(C)]; and
- Two or more designated methods for submitting consumer requests, including a toll-free number and a website address [Cal. Civ. Code §1798.130(a)(1)].
It is no secret that artificial intelligence (“AI”) is set to become the next wave in technological innovation. AI is expected to create as many as 133 million new jobs by 2022 and boost the global economy by $13 trillion by 2030. However, successful machine learning depends on large and broad data sets, including personal information, and the extraordinary pace of development is forcing nations to reevaluate their laws in order to compete within the industry. Continue Reading Promoting and Regulating Artificial Intelligence