No.
By its terms, the definition of personal information excludes aggregated or de-identified information....more
$7,500 per violation.
There is no private right of action for violations of the CCPA related to an individual’s right to be forgotten. The CCPA provides that the maximum fine that may be imposed by the Attorney General is...more
No.
Unlike a request for access, a business’s deletion obligation extends to all data held by the business regarding a consumer, unless an exception applies, irrespective of when that data was collected, generated or...more
Not immediately, but yes.
The CCPA does not distinguish or make allowances for backup and other less accessible systems when determining the scope of a business’s obligation to delete the personal information of a consumer...more
Not necessarily.
As an initial matter, employees that are residents of California will not qualify as full “consumers” under the law until January 1, 2021....more
Likely no.
Neither the CCPA nor the proposed regulations explicitly address the issue of imposing fees or costs on consumers for responding to requests for access or requests for deletion. However, the CCPA does prohibit...more
Yes, if currently pending regulations are made final.
As an initial matter, the statutory text of the CCPA is somewhat unclear regarding a business’s obligations when it receives a request for access or a request for...more
When the CCPA was enacted last year, BCLP published a Practical Guide to help companies reduce the requirements of the Act into practice. Following publication of the Guide, we wrote a series of articles that addressed...more
3/11/2020
/ Advertising ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Opt-Outs ,
Personal Information ,
Private Right of Action ,
Statutory Penalties ,
Websites
To help identify trends in privacy representations, BCLP reviewed the websites and privacy notices of Fortune 500 companies identified as primarily engaged in the banking and financial service sectors.
The following...more
2/28/2020
/ Adtech ,
Banks ,
Behavioral Advertising ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
Data Privacy ,
Data-Sharing ,
Financial Services Industry ,
Opt-In ,
Right to Delete ,
Surveys
Yes.
In fact, businesses may be required to obtain such confirmation from verified consumers under the current (non-final) regulations. As an initial matter, the CCPA states only that a business may have to delete the...more
Likely, yes.
A consumer’s right to deletion is subject to a number of exceptions. One of these exceptions is to “comply with a legal obligation.”...more
To help identify trends in privacy representations, BCLP reviewed the websites and privacy notices of those Fortune 500 companies that are primarily engaged in the property and casualty insurance industries.
The data shows...more
The CCPA only applies to personal information about “consumers,” a term which is defined as “a natural person who is a California resident.” As corporations or other legal entities are not people, the CCPA does not apply to...more
No.
The English supervisory authority, the ICO, has stated that consent requests must be “clearly distinguishable from other matters” and that bundling consent as part of terms and conditions in impermissible. According to...more
$2,500 for each violation and $7,500 for each intentional violation.
The CCPA only provides a private right of action to any consumer whose unencrypted sensitive-category information has been breached as a result of a...more
The California Consumer Privacy Act ("CCPA") was put together quickly (in approximately one week) as a political compromise to preempt a proposed privacy ballot initiative that contained a number of problematic provisions. ...more
No.
The requirement to disclose “sales” of “personal information” to consumers is derived from the California Consumer Privacy Act (the “CCPA”), not European data privacy law....more
Generally speaking, cookies simply are data files saved to a user’s computer. Certain cookies may qualify as “personal information” under the CCPA, since the CCPA defines “unique personal identifiers,” to include “cookies”...more