
OOPS! And Other Takeaways from the First Draft of CPRA Regulations

By Alan Friel, Kyle Fath & Shea Leitch on June 3, 2022

In an unexpected move, the California Privacy Protection Agency (the “Agency”) issued draft regulations (“Regs”) mandated by the California Privacy Rights Act (“CPRA”), on Friday May 27 (a day before the Memorial Day weekend, and a day after a public stakeholder meeting in which it gave no indication that the Regs would be issued the next day). The Agency has placed consideration of the draft Regs on its Board’s June 8 meeting agenda. If approved, they will then be subject to public comments, which must be considered before the Regs can be finalized.

The Regs contain detailed guidance regarding many highly anticipated topics, such as:

  • Global Privacy Control requirements—or the “Opt-Out Preference Signal” (“OOPS”) under the Regs—but unfortunately no technical specifications with respect to implementation of the OOPS. The Agency interprets the CPRA to make the opt-out link optional if OOPS are “frictionlessly” implemented, but not to make honoring OOPS optional if an opt-out link is provided.
  • General principles regarding the handling of consumer requests.
  • Detailed requirements regarding implementation of the rights to access, delete, correct, limit (the use of my sensitive information), and do not sell / do not share.
  • Notices to consumers, including special notice requirements for job applicants, employees and contractors.
  • Financial incentive notice requirements are relaxed.
  • Service provider, contractor, and third party agreements and obligations.
  • Complaint and enforcement procedures.

While the Regs leave various hot-button issues for a later draft (like automated decision-making, profiling, cybersecurity audits, and risk assessments), they certainly provide detailed guidance on the issues addressed. Even so, implementation will present many challenges for businesses, service providers, contractors, and even third parties. As a result, we can expect spirited debate and comment from industry and consumer protection groups alike before the draft Regs are finalized.

Click here to read an overview of some of the most notable features of the draft Regs.

 

  • Posted in:
    Privacy & Data Security
  • Blog:
    Consumer Privacy World
  • Organization:
    Squire Patton Boggs