On October 12, 2020, the California Department of Justice gave notice that it was making the third round of revisions to the Regulations for the California Consumer Privacy Act (CCPA). The proposed CCPA regulation revisions make clarifications to several requirements in the current Regulations.

One modification involves Section 999.306, on providing notice of opt-out when interacting with consumers offline. This modification provides examples of giving an opt-out notice to consumers in a brick and mortar store, as well as via telephone.

Another modification focuses on Section 999.315 and the guidance regarding the requirement for ensuring that the opt-out mechanism is easy to use and has minimal steps. The listed examples include:

  • The number of steps needed to opt-out should not exceed the number of steps needed to opt-in
  • No use of confusing language, such as double negatives
  • Not forcing consumers to go through reasons why they should not opt-out before confirming the request, except as permitted by the Regulations
  • Cannot ask for more personal information than necessary to implement the request
  • When clicking a “Do Not Sell” link, the consumer should not have to scroll or search through a privacy policy or other page to make the request to opt-out

The third modification is about authorized agents in Section 999.326. This clarifies that a business can require an authorized agent to show proof that the consumer gave signed approval to pursue a request. It also clarifies what a business can require from consumers who utilize authorized agents for making requests.

The final CCPA regulation revision concerns Section 999.332; this proposed change clarifies that if a business deals with the personal information of minors under the age of 13 years old and/or minors between 13 and 15 years old, that business must explain the relevant processes in their privacy policy.

Interested parties can send written comments to the California Department of Justice; the deadline for comment submission Is 5PM on October 28, 2020. These can be sent to [email protected], or to the mailing address listed in the notice.

While this comment period ends on October 28, 2020, it is important to remember that California voters are already voting on the California Consumer Privacy and Rights Enforcement Act (CPRA or CCPA 2.0), which is appearing on the November 2020 ballot under the name Proposition 24. Though changes to the current CCPA Regulations may be pending, there may be larger changes coming under the CCPA 2.0.

Further reading on revisions to CCPA regulations: 

Follow OneTrust on LinkedInTwitter, or YouTube for the latest on CCPA regulations.