| Insights | Blog | Cybersecurity

California Attorney General Issues Additional CCPA Regulations Advancing Consumer Protections

On March 15, 2021, the California Attorney General (“AG”) approved additional CCPA regulations to enhance consumer protections for opting out of the sale of information. These regulations come after the third set of modifications was approved last October, and after the California Privacy Rights Act of 2020 (“CPRA” or “CCPA 2.0”)  passed the state referendum, and will become effective in January 2023.  Specifically, the AG’s office noted that the approved regulations ban “dark patterns” that delay or obscure the opt out process, and prohibit the burdening of consumers with confusing language or unnecessary steps, such as forcing them to click through multiple screens, or presenting reasons why they should not opt out.

Specifically, the regulations:

  • require businesses selling personal information that was collected offline to also use an offline method to inform consumers of their right to opt out and to provide instructions on how to submit a request;
  • provide businesses with an optional Privacy Options icon;
  • require that a business’s methods for submitting opt out requests be easy to follow and require minimal steps to allow the consumer to opt out. A business must not use a method that is designed with the purpose or has the substantial effect of subverting or impairing a consumer’s opt out choices; and
  • clarify the proof that a business may require an authorized agent to provide, and what the business may require of a consumer to verify their request.

 

To view the press release click here.

To view the updated version of the affected regulations, click here.