With the CCPA going into effect on January 1, 2020, NIELSEN MERKSAMER is advising all businesses to review the provisions of the CCPA, develop compliance protocols, and to actively monitor regulatory and legislative developments for their impact on compliance efforts. Due to the complexity and ambiguity in the CCPA’s requirements, affected businesses are strongly advised to determine the impact of the CCPA on business operations as soon as possible so as to have the ability to raise those issues in the regulatory or legislative process. NIELSEN MERKSAMER is actively involved in all aspects of compliance, including the pending legislative and regulatory efforts.
Legislative status
While multiple bills are being contemplated, AB 25 (Chau) is the only bill that has been introduced this session to amend the CCPA. That “spot” bill states the intent of the Legislature to enact legislation relating to the CCPA. Consistent with AB 375 (Chau), which enacted the CCPA, AB 25 is co-authored by Senators Dodd and Hertzberg. Additional bills are expected to be introduced by the February 22nd introduction deadline.
Separately, five Assembly Republicans have announced the “Your Data, Your Way” package of legislation intended to create the strongest consumer privacy protections in the country. While covering similar issues, the bills do not appear to modify the existing provisions of the CCPA.
Regulatory status
The CCPA required the AG to solicit broad public participation to adopt regulations that further the purposes of the Act. To comply with that requirement, the AG has scheduled seven public forms throughout the state. Copies of the informational slides used at the forums can be downloaded from the AG’s website:
The AG has also requested that interested parties submit any written comments by March 8th in order to be considered in this pre-rulemaking stage. It is important to review potential compliance issues to see if there are any areas of ambiguity that could benefit from clarification through AG regulations. Note that AG staff requested that comments be focused on the following seven areas:
- Categories of Personal Information
- Definition of Unique Identifiers
- Exceptions to CCPA
- Submitting and Complying with Requirements
- Uniform Opt-Out Logo/Button
- Notices and Information to Consumer
- Verification of Consumer’s Request
Governor Newsom
In the annual State of the State address, Governor Newsom included the following comment regarding the CCPA and stated his intent to create a “Data Dividend for Californians”:
California is proud to be home to technology companies determined to change the world. But companies that make billions of dollars collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used. I applaud this legislature for passing the first-in-the-nation digital privacy law last year. But California’s consumers should also be able to share in the wealth that is created from their data. And so I’ve asked my team to develop a proposal for a new Data Dividend for Californians because we recognize that your data has value and it belongs to you.
Next steps
All businesses should conduct a thorough review of the requirements of the CCPA, internal practices, and compliance issues created by the language. To the extent, compliance issues arise, businesses should consider seeking regulatory or legislative clarification to avoid issues once the CCPA becomes operative on January 1, 2020.