A recent CCPA update includes two amendments signed into law, with further proposed modifications possible.
The California Consumer Privacy Act (CCPA) is changing according to this recent article from IAPP. In September, the California Attorney General, Xavier Becerra highlighted the need for privacy law in the United States. His testimony was presented during the Senate Commerce, Science and Transportation Committee hearing, taking advantage of the context of federal legislation on the subject.
The secretary underscored the different approach that his office can take to the application of the CCPA, and also the future that privacy issues should have in law. In addition to the statements, the California Legislature had already approved several bills with privacy implications prior to this update.
Becerra confirmed that since July 1 (compliance date of the CCPA), his office «began to work.» The secretary’s team wants to issue notices to prevent companies with privacy policies from breaking the law. In other words, correct companies that include the «Do Not Sell Links to My Personal Information».
In his statements, the secretary mentioned the recent lawsuits against Uber (2018), Equifax (2019), and Glowde September (2020). The Attorney General’s Office recently settled a case with Anthem regarding a 2014 data breach for $8.69 million.
What changes were made to the CCPA?
Statements in the written testimony are not limited to a private right of action. The secretary identified other ways to strengthen consumer privacy rights, noting that the CCPA «could go further.» Among the proposals are:
Greater specificity
The secretary suggested making the CCPA’s disclosure requirements more specific. Companies offer «source categories» to collect personal information or «third party categories» to sell the information. Instead, by requiring specific disclosures such as company names, sources, or recipient of the information, consumers can know how much was shared.
Data minimization
Becerra maintains that the duty should be imposed to use a consumer’s personal information according to the purposes. That is the fines for which the consumer will obtain their collection, always respecting the interests of the person. Especially with sensitive information, such as precise geolocation.
Right to rectification
A highlight of the CCPA update is the ability to correct for consumers. For example, rectify personal information collected, to reduce the risk of spreading erroneous data.
Protection of civil rights
There is a need for «clear lines on what is an illegal use of data from the context of the protection of civil rights». What is important about this is that the testimony provides relevant information from the Attorney General’s perspective. Specifically, on expanding privacy protections for California consumers.
What does the future hold?
There is a pending vote initiative from the California Privacy Rights Act that could boost enforcement. With a tentative date in November, a new enforcement agency could be created. This agency would have $5 million in the fiscal year 2020-21 and another $10 million thereafter. The creation and funding of the California Privacy Protection Agency would go into effect immediately, but most of the CPRA’s practices begin in 2023.
At the moment the best thing is to see how the landscape of California privacy law progresses, including the activity of CCPA enforcement. Also, it is necessary to be aware of the CPRA voting initiative and the third set of proposed modifications to the CCPA regulations issued by the OAG.