The California Attorney General (AG) has released the Consumer Privacy Interactive Tool designed to make it simple for consumers to protect the rights granted to them under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). The tool is designed to make it easy for consumers to draft notices of noncompliance to send to businesses that collect data from California consumers.
What does the Consumer Privacy Interactive Tool do?
At the moment, the tool is only equipped to help consumers draft notices to businesses that sell personal information and do not have a clear and conspicuous “Do Not Sell My Personal Information” link on their websites. Consumers are asked to answer a few basic questions, before receiving a draft notice that they can copy into an email or print out and send to the business.
What does the new privacy tool mean for businesses?
The reason this is significant for businesses is that the consumer sending this notice may trigger the 30-day requirement to ‘cure’ violations of the CCPA. This notice and opportunity to cure is a prerequisite for the AG bringing an enforcement action against your business, so it should be treated seriously.
Action Items for businesses that collect personal information from California residents
The California AG also issued a summary of its CCPA enforcement activity since the law went into effect in January 2020. The summary includes illustrative examples of the types of non-compliance which prompted the AG to take action and provides a roadmap to businesses looking to understand what they should avoid doing. Key takeaways include the following:
- Notice at Collection. Your notice of collection needs to be provided either at or before your business collects personal information from a consumer. You should ensure your notice appears to consumers in a timely manner and in a clear and easily comprehensible format.
- “Do Not Sell My Personal Information” link. If your business discloses personal information to third parties for monetary consideration or anything of value you must post an easy-to-find “Do Not Sell My Personal Information” link on your website. Remember that sharing personal information with third-party advertising and analytics providers counts as a sale.
Does your business need to comply?
While businesses that don’t fall within the scope of California privacy law may not be subject to enforcement action as a result of non-compliance with the CCPA, there are compelling reasons to put strong privacy protocols in place anyway. Consumers increasingly expect businesses to make it easy for them to manage their privacy, and regulators are attempting to keep up with this expectation (as we see with the laws banning dark patterns, as well as the growing patchwork of privacy rights across the US). Moreover, businesses that align with consumer privacy expectations enjoy a competitive advantage, increased loyalty, and a better reputation.
For assistance managing consumer privacy at your business, get in touch. We’re here to help!
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.