(United States) California's Attorney General has no plans to delay the 1 July start date for enforcement for the CCPA, despite businesses' requests to do so. Byte Back reports as follows:
In another sign that the California Attorney General has no plans to delay the CCPA’s July 1, 2020, enforcement deadline, on Friday April 10, 2020, the AG’s office issued a press release reminding California residents of their data privacy rights during the COVID-19 pandemic.
According to the Attorney General, “[a]s the health emergency leads more people to look online to work, shop, connect with family and friends, and be entertained, it is more important than ever for consumers to know their rights under the California Consumer Privacy Act (CCPA).”
The press release reminds California residents of the CCPA’s right to opt-out of sales, right to delete, and right to know. Relating the right to delete to the pandemic, the release states “[i]f you want to minimize or reduce the data collected by businesses during or after the emergency, you can request that the business delete personal data that it has collected from you.”
The press release was accompanied by a series of tweets by the Attorney General reminding California residents of their CCPA privacy rights.
As we have previously discussed, some organizations requested that the Attorney General delay the CCPA’s July 1 enforcement deadline both because of the COVID-19 pandemic and because the Attorney General has still not published the final CCPA regulations. In response, on March 19, 2020, the AG’s office stated that “right now” it did not intend to delay the enforcement deadline. Friday’s press release not only reinforces that position, but perhaps signals that the AG’s office will not look kindly on businesses that are not complying with the CCPA during the pandemic.
(Privacy press clipping sourced via Byte Back)
Jurisdiction: United States
California’s Attorney General looks set on an enforcement date of 1 July 2020 for the California Consumer Privacy Act. It doesn’t seem that this will change because of the COVID-19 situation. His office may be looking for low hanging fruit, namely cases of obvious non-compliance, for a first round of fines. Regulators in the EU, under the GDPR, started with cases of obvious carelessness and cases in which consumer information was being sold without a proper legal basis.
For now, work will be underway on regulations that will better define how the CCPA works. Initial draft regulations had been circulated by the Attorney General’s office in March, and it is expected that finalized regulations will be issued this month (April 2020).
Fines under the CCPA can attract US$ 7,500 per violation. It should be remembered however that a single incident may involve many violations of the CCPA, meaning that the actual total applied in a given case may be quite high, easily running into the millions if large numbers of consumers are involved.