Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. Insights
    3. Alerts
    4. More changes in the California Consumer Privacy Act (CCPA) landscape: What you need to know about the new regulationsAlerts

    Alert / Privacy Alert

    More changes in the California Consumer Privacy Act (CCPA) landscape: What you need to know about the new regulations

    March 23, 2021

    Share

    The CCPA brought big changes to the California data privacy landscape, including by giving California consumers the ability to learn more about how and why their data is collected, and some ability to limit business’s ability to keep and use that data.

    Since it became effective on January 1, 2020, however, the CCPA landscape has shifted several times, including through initiation of enforcement in July 2020; the enactment of initial regulations in August 2020; and the California Privacy Rights Act (“CPRA”) amendments to the CCPA in November 2020. Just last week, there was yet another development: the March 15, 2021, announcement of additional CCPA regulations, which are effective immediately. These regulations concern:

    • consumers’ rights to opt-out of the sale of their personal information by covered businesses offline;
    • transparency in the processes allowing consumers to opt-out of the sale of their personal information;
    • authorized agents’ ability to submit requests on behalf of consumers regarding their personal information; and
    • privacy notices to consumers under age 16.

    California government officials also this past week recently announced the appointments of Jennifer Urban, John Thompson, Angela Sierra, Lydia de la Torre and Vinhcent Le to the newly created California Privacy Protection Agency, which is tasked with enforcing the CCPA and its regulations. The Agency was created as mandated by the CPRA and is the first regulator in the U.S. solely focused on privacy matters.

    So what changed?

    Here’s what the new regulations have changed:

    New opt-out regulations

    The amendments ban so-called “dark patterns” that make it difficult for consumers to opt out of the sale of their personal information. The amendments prohibit companies from burdening consumers with confusing language or unnecessary steps (aka “dark patterns”) that might limit consumers’ ability to exercise their rights to opt-out. Businesses instead are required to create an opt-out process that is transparent and easy to follow:

    • Businesses Selling Personal Information Offline (§ 999.306(b)(3)). Businesses that sell consumer personal information that the businesses collected offline are now required to inform consumers through an offline method of their right to opt-out. They also must give instructions on how to submit the opt-out request offline. For example, a business that collects personal information over the phone may choose to inform consumers during the call of their right to opt-out, as the personal information is being collected. ((§ 999.306(b)(3)(b)).
    • New Optional Opt-Out Icon (§ 999.306(b)(3)(f)). The new regulations allow covered businesses to use an optional privacy opt-out icon. This icon, however, does not replace the CCPA’s requirement to provide notice of the right to opt-out or a “Do Not Sell My Personal Information” link. If a business decides to use the icon (image below), the icon should be similar in size to all icons on the business’ webpage.
    •                                                         CCPA opt out icon

    • Consumer Opt-Out Process Transparency (§ 999.315(h)). Businesses need to ensure that opting out is easy, with minimal steps for consumers to follow. Businesses are not allowed to use methods that make it difficult or confusing. For example, the regulations prohibit the following in an opt-out process:
      • using “confusing” and ambiguous language, or “double negatives”;
      • requiring consumers to provide additional unnecessary information in order to submit the opt-out request; and
      • requiring consumers to take more steps to opt-out of a covered business’ sale of their personal information than to opt-in to such sale.

    Consumer Use of an Authorized Agent (§ 999.326(a))

    Previously when a consumer used an authorized agent to request to know or delete personal information, a business may have required the consumer to provide the business with proof that the agent has the authority to submit the request. Although businesses may still require proof of agent authority, the burden of providing such proof is now on the authorized agent and no longer the consumer. The modifications also no longer allow businesses to require a consumer to provide an authorized agent with signed permission to submit a request on his or her behalf.

    Privacy Notices to Consumers Under the Age of 16 (§ 999.332(a))

    The new amendment clarifies that businesses that sell the personal information of children under the age of 13 “and/or” between the ages of 13 and 15 must include a description of how to opt-out of such sale in their privacy policy.

    How do these new modifications affect you as a covered business?

    These new regulations highlight the continued importance of ensuring your business is transparent in the collection and use of personal information, and that you implement policies and procedures that inform, notify, and clearly direct consumers both online and offline of their CCPA rights. You should ensure that the procedures in place to opt-out are clear, unambiguous, and not overly burdensome, and if you collect personal information of consumers under the age of 16 you should make sure that your privacy policies comply with CCPA regulations.

    Nixon Peabody will continue to closely monitor and provide updates on developments and modifications to California privacy regulations.

    Privacy

    Locations

    Los AngelesSan Francisco

    Practices

    Cybersecurity & Privacy

    Insights And Happenings

    • Alert

      Colorado General Assembly passed the Colorado Privacy Act

      June 11, 2021
    • Alert

      The California Privacy Rights Act — Is this really happening?

      Sep 2, 2020
    • Alert

      Recent privacy class actions against Zoom raise questions about work-from-home technologies as well as CCPA applicability

      April 6, 2020

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL