The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) are the most comprehensive privacy rights laws passed in any state — and are widely viewed as potential models for future privacy laws. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with former Faegre Drinker associate Michael Jaeger, an authority on the California privacy landscape, to take a deeper look at these sweeping laws, how they are being enforced and the effect they have had on impacted businesses.
Throwing covered businesses a bit of a curveball, the California attorney general issued a third set of proposed changes to the formerly assumed “final” CCPA implementing regulations. Fortunately for those overseeing CCPA compliance, the revisions are largely clarifications of the existing regulations rather than fundamental changes. Interested stakeholders have until 5:00 p.m. Pacific Time on Wednesday, October 28, to submit comments.
For the full alert, visit the Faegre Drinker website.
The B.O.T. (“Bolstering Online Transparency”) Act, enacted last year pursuant to SB 1001, has gone into effect in California. As of July 1, it is unlawful for a person or entity to use a bot to communicate or interact online with a person in California in order to incentivize a sale or transaction of goods or services or to influence a vote in an election without disclosing that the communication is via a bot. The law defines a “bot” as “an automated online account where all or substantially all of the actions or posts of that account are not the result of a person.” The required disclosure must be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.
The law is the first of its kind enacted by a state legislature and applies only to communications with persons in California. In addition, it applies only to public-facing Internet Web sites, applications, or social networks that have at least 10 million monthly U.S. visitors or users. While the law contains no private right of action and expressly “does not impose a duty on service providers of online platforms,” failure to abide by the disclosure requirement, as enforced by the Attorney General, may constitute a violation of California’s unfair competition laws and result in fines and equitable remedies.
The California legislature will consider technical amendments to the California Consumer Privacy Act (CCPA), S.B. 1121, by August 31, 2018, which is the deadline in the current legislative session for bills to be passed by the legislature.
Technology that determines an individual’s identity or location has been the subject of significant media attention in the first half of 2018: Amazon made news with the sale of its facial recognition technology to law enforcement, the U.S. Supreme Court ruled that the government generally must obtain a warrant to access certain types of geolocation information, California arrested the Golden State Killer using the DNA information of a relative, and Facebook came under fire for the way in which Cambridge Analytica accessed the data of tens of millions of users. Garnering less attention, but of no less importance, are the legislative efforts underway in the federal government and in many states to regulate these emerging technologies and limit the ways in which this information can be collected.