The California Attorney General announced this month the approval of final regulations for the California Consumer Privacy Act (CCPA), formalizing the state’s sweeping law giving consumers control over how their personal information is collected, used, and shared.
The law, which went into effect in January of this year, underwent a review process that aimed to further clarify compliance measures for businesses serving California residents. After several public forums, review processes, and recommendations from the Office of Administrative Law (OAL), Attorney General Xavier Becerra announced the approved final regulations would go into effect immediately.
“In California, privacy is an inalienable right. Californians should control who possesses their personal data and how it’s used,” Attorney General Becerra said. “With these rules finalized, California breaks ground and leads the nation to protect and advance data privacy. These rules guide consumers and businesses alike on how to implement the CCPA.”
In June, the final proposed regulations presented by the OAL included revised definitions of categories such as “third-party.”
A brief outline of the CCPA:
- California consumers have the power to demand companies disclose what personal data they have.
- Businesses can no longer commodify consumer data.
- Organizations are required to ask for opt-in consent when collecting consumer information.
- Businesses are required to explain why they possess certain data and what security measures are in place.
- California consumers can ask companies to delete data and file class actions when companies fail to comply.
California voters will vote on an additional measure in November called the California Consumer Rights Act (CPRA), which extends consumer rights and further clarifies enforcement standards. In addition, the CPRA seeks to establish a privacy enforcement arm called the California Consumer Protection Agency.