CCPA Revisions: A Brief Update

Download this memo as a PDF →

On August 14, 2020, the California Office of Administrative Law approved the California Attorney General’s (the “AG”) final regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), a sweeping data privacy law that regulates how companies process personal information.  The regulations contain the last expected round of revisions to the CCPA and took effect immediately upon approval.  Below, we summarize what you need to know.  

What is CCPA? 

CCPA, which became effective on January 1, 2020, is a robust California data privacy law that grants users extensive rights regarding how their personal information is collected and used by businesses.  To effectuate those rights, the CCPA requires businesses to provide users with certain notices, explain their privacy practices, and respond to user requests.  Only businesses that are (i) for profit, (ii) annually sell the personal information of more than 50,000 California residents, and (iii) have an annual gross revenue over $25 million or derive more than 50% of annual revenue from selling personal information are subject to the CCPA. 

Do Not Sell My Personal Information Link

The good news is that the new revisions include only one substantive revision you should know about. Instead of having a link that says “Do Not Sell My Info” on your website or app, you must replace the word “Info” with the words “Personal Information.” 

Additionally, the link must take the user to a separate page that contains a fillable “opt-out” form.  That form should specify whether the company sells personal information for money, require confirmation of California residency, and include fillable boxes for the user’s full name, email address, and zip code. 

We recommend that any of our clients who are subject to, or otherwise complying with, the CCPA promptly update their notices to California consumers to reflect these new requirements.  

*   *   *

Even if your company is not yet subject to the CCPA, we are experiencing an uptick in clients opting for voluntary CCPA compliance for several reasons, including: (i) to engage with Facebook’s new Limited Data Use functionality; and (ii) in anticipation of reaching a threshold that would mandate compliance with the CCPA.  We encourage you to regularly evaluate your company’s data privacy practices and consider if and when your company should become compliant with the CCPA.  

For the full text of the final CCPA regulations, please visit this link.  If you have any questions regarding the final regulations or would like to discuss CCPA compliance considerations, please contact us at hello@klukfarber.com or (646) 850–5009.