By: Linda L. Goodman
California Attorney General, Xavier Becerra, today issued the following statement as he begins the first day of enforcement of the California Consumer Privacy Act (“CCPA”), a groundbreaking data privacy law. The CCPA, which went into effect this year, provides consumers with access to and control over their personal information.
“Today we begin enforcement of the California Consumer Privacy Act, a first-of-its-kind data privacy law in America,” said Attorney General Becerra. “We encourage every Californian to know their rights to internet privacy and every business to know its responsibilities. The website of every business covered by the law must now post a link on its homepage that says, ‘Do Not Sell My Personal Information’. Click on it. Remember, it’s your data. You now get to control how it’s used or sold.”
Yesterday, Attorney General Becerra provided consumers with tips and information on how to “utilize” their data privacy rights under the CCPA providing consumers a direct link to report a complaint online. The CCPA, which went into effect this year, provides consumers with access to and control over their personal information. The Attorney General began enforcement starting July 1, 2020. Businesses subject to CCPA are required to begin complying with the law on January 1, 2020. Proposed final regulations under the CCPA were submitted to the California Office of Administrative Law on June 1, 2020 and are currently pending approval.
“Under the CCPA, Californians have the right to access and stop the sale of their personal data if they choose to exercise it,” said Attorney General Becerra.“…Our office is committed to enforcing the law starting July 1.”
Under the CCPA, California Consumers Generally Have the Following Rights:
- Right to Know – Consumers may request that a business tell them what specific personal information they have collected, shared or sold about them, and why it was collected, shared, or sold.
- Right to Delete — Consumers may request that a business delete personal information that the business collected from the consumer, subject to some exceptions.
- Right to Opt-Out — If a business sells their personal information, consumers may request that it stop doing so.
- Rights for Minors — A business cannot sell the personal information of minors under the age of 16 without their permission and, for children under 13, without parental consent.
- Right to Non-Discrimination — A business may not discriminate against consumers who exercise their rights under the CCPA.
How Consumers were told to exercise their CCPA Rights:
“Consumers should access the business’s online privacy policy, or California-specific online notice, for information on how they can exercise their CCPA rights.” Businesses are required to have a link to their privacy policy on their website, usually at the bottom of the homepage. Businesses that sell consumer personal information must also include a “Do Not Sell My Info” link on their websites or mobile apps.
All businesses that have a website must provide an online method to submit a request, such as an email address or online form. Businesses that do not operate exclusively online must also provide a toll-free phone number. Businesses may require that you verify your identity when making a request to access or delete your personal information to match you to their records and/or to prevent fraud.
Consumers can also refer to the California Data Broker Registry, which is posted on the Attorney General’s website. The Registry lists businesses that collect and sell the personal information of a consumer to third parties. These data brokers are required to provide information on how consumers can opt-out of the sale or submit requests under the CCPA.
Businesses Subject to CCPA:
Not all businesses are subject to CCPA. A business is subject to CCPA if the business:
- Has gross annual revenue in excess of $25 million;
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices; or
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
Non-profits and governments are not subject to the CCPA. Some businesses and service providers may also be exempt from certain provisions of the CCPA because they are governed by other restrictive laws.
Consumers’ are given a very limited private right of action only in the case of a data breach:
The CCPA gives consumers a limited right to sue a business when the consumer’s information was released during a data breach that was a result of a business’s failure to reasonably secure certain types of personal information. It does not give consumers the right to sue businesses for other violations of the CCPA.
______________________________________________________________________
This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations. This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.
Linda L. Goodman is the founder of The Goodman Law Firm, concentrating its practice in internet business and law. Her firm’s clients include Advertisers, Affiliates, Affiliate Networks, and ISP’s.
© 2020 TGLF, A.P.C.