California Attorney General Rob Bonta announced today an investigative sweep of mobile apps, focused on popular apps in the retail, travel, and food service industries that fail to comply with the California Consumer Privacy Act (CCPA). According to a press release, the sweep is focused on apps that allegedly fail to comply with consumer opt-out requests or do not offer any mechanism for consumers who want to stop the sale of their data. The press release also highlights enforcement in relation to handling of agent requests, namely through an agent service created by Consumer Reports called “Permission Slip.”
While the press release is somewhat ambiguous as to whether the sweep has happened or is forthcoming, AG Bonta’s tweet from today appears to confirm that letters of non-compliance have already been sent out to the alleged violators. In a reply to his own tweet, he “urge[s] the tech industry to innovate for good – like developing a global privacy control for mobile devices that allows consumers to stop apps from selling their data.”
As a reminder, though the provisions added/amended by the California Privacy Rights Act (CPRA) are subject to an enforcement delay until July 1, the original CCPA’s provisions remain in effect and enforceable by the Office of the Attorney General (OAG) through that date, and there is no longer a mandatory 30-day cure period that the OAG must apply. Also, do not forget that HR and B2B data are now in full scope of the original CCPA’s provisions (and again, there is neither an enforcement delay nor a mandatory cure period as to such data).