On December 11, 2020, California Attorney General Xavier Becerra released the fourth set of proposed modifications to the regulations of the California Consumer Privacy Act of 2018 (CCPA). This fourth set of proposed modifications is in response to comments received to the third set of modifications that were released on October 12, 2020. According to the update released with the proposed text, the changes include:

Revisions to section 999.306, subd. (b)(3), to clarify that a business selling personal information collected from consumers in the course of interacting with them offline shall inform consumers of their right to opt-out of the sale of their personal information by an offline method; and

Proposed section 999.315, subd. (f), regarding a uniform button to promote consumer awareness of the opportunity to opt-out of the sale of personal information.

The text of the proposed modifications can be found here. Probably the biggest news for the opt-out option is the proposal to include an opt-out button, which may be used in addition to posting the right to opt-out, but not in lieu of any requirement to post a “Do Not Sell My Personal Information” link. The proposed regulations state that if a business posts the “Do Not Sell My Personal Information” link, then the opt-out button shall be added to the left of the text as follows:    The proposed modifications also add language that states that submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out. Businesses are not to use confusing language for opt-out requests or to require consumers to click through or listen to reasons why they should not submit a request to opt out. Businesses may not require consumers to provide personal information that is not necessary to implement the request, nor can a business require the consumer to search or scroll through the text of a privacy policy to locate the mechanism to opt out. In short, the proposed modifications appear to  strive for a simple process with minimal steps for consumers to opt out of the sale of their personal information.

The Attorney General’s Office will accept written comments on the proposed changes to the regulations until 5:00 p.m. on December 28, 2020. Comments may be sent by email to [email protected] or by mail at the address contained in the notice of the fourth set of proposed modifications.

Binary Check Ad Blocker Security News

The California Consumer Privacy Act of 2018 (CCPA) currently exempts from its provisions certain information collected by a business about a natural person in the course of the person acting as a job applicant, employee, owner, director, officer, medical staff member, or contractor of a business. This exemption is set to expire on December 31, 2020. In addition, the so-called business-to-business exemption for transactions and communications with the business that occur solely within the context of the business conducting due diligence regarding or providing or receiving a product or service to or from that company, partnership, sole proprietorship, nonprofit, or government agency is also set to expire on December 31, 2020.

Recent legislation passed in California would extend both of the exemptions until January 1, 2022. Assembly bill 1281, (AB 1281) which was presented to Governor Gavin Newsom on September 8, 2020, extends the one-year exemption for employee information and business to business information for another year until January 1, 2022. The bill also provides that the extension of these exemptions is contingent upon voters not approving the ballot Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA). Should the CPRA pass on November 3, it would extend these exemptions until January 1, 2023. Some other highlights of the CPRA include the creation of a new category of sensitive personal information (SPI) that would give consumers the power to restrict its use, a provision that allows consumers to prohibit businesses from tracking their precise geolocation to a location of approximately 250 acres, and the addition of email and passwords to the list of defined “personal information” included in a data breach.

The key takeaway here is that if AB 1281 is enacted or if Proposition 24 passes, employee/job applicant information as well as business-to-business communications will continue to be exempt from the CCPA. Both AB 1281 and AB 713 regarding medical information, which we wrote about recently here, are currently on Governor Newsom’s desk.