SHARE

August 09, 2022

Do all the state privacy laws recognize authorized agents?

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all Law.com OnPractice content.
Register Now

Some modern data privacy statutes mandate that organizations allow third parties - who are authorized by a data subject - to submit access, deletion, correction, or other requests on behalf of a consumer. Such third parties are sometimes referred to as "authorized agents" - a term created by the regulations implementing the CCPA. The following chart compares whether authorized agents are recognized under each of the modern state privacy statutes:

Authorized Agents

California 2022

CCPA

California 2023

CPRA

Colorado 2023

CPA

Conn. 2023

CTDPA

Utah 2023

UCPA

Virginia 2023

VCDPA

Access requests. Does the statute mandate that organizations accept authorized agent requests for access to information? [1] [2]
Deletion requests. Does the statute mandate that organizations accept authorized agent requests for the deletion of information? [3] [4]
Correction requests. Does the statute mandate that organizations accept authorized agent requests for the correction of information? [5] [6]
Opt-out of sale. Does the statute mandate that organizations accept authorized agent requests to opt-out of the sale of information? [7] [8] [9] [10]
Opt-out of targeted advertising. Does the statute mandate that organizations accept authorized agent requests to opt-out of targeted advertising? N/A ?[11] [12] [13]
Opt-out of profiling/
automated decision making
. Does the statute mandate that organizations accept authorized agent requests to opt-out of automated decision making?
N/A N/A[14] [15] [16]
Registration. Must an authorized agent be registered with the state? [17] [18]
Respond to consumer (instead of authorized agent). Is an organization permitted to respond directly to the consumer after intaking an authorized agent request? [19] [20] ?[21] ?[22]
Utilizing authorized agent's platform. Is an organization required to utilize an authorized agents platform or technology?

[1] Cal. Code Reg. § 999.326(a).

[2] Cal. Code Reg. § 999.326(a).

[3] Cal. Code Reg. § 999.326(a).

[4] Cal. Code Reg. § 999.326(a).

[5] Cal. Code Reg. § 999.326(a).

[6] Cal. Code Reg. § 999.326(a).

[7] Cal. Code Reg. § 999.315(f).

[8] Cal. Code Reg. § 999.315(f).

[9] C.R.S. § 6-1-1306(1)(a)(II) (2022).

[10] Conn. Sub. Bill No. 6, § 5 (applying authorized agents to opt-out requests referenced in § 4(a)(5)).

[11] The CPRA does not specify whether an authorized agent should be permitted to submit a do not share request.  As of the writing of this article, regulations implementing the CPRA had not been adopted.

[12] C.R.S. § 6-1-1306(1)(a)(II) (2022).

[13] Conn. Sub. Bill No. 6, § 5 (applying authorized agents to opt-out requests referenced in § 4(a)(5)).

[14] As of the writing of this article, regulations implementing the automated decision making sections of the CPRA had not been adopted.

[15] C.R.S. § 6-1-1306(1)(a)(II) (2022).

[16] Conn. Sub. Bill No. 6, § 5 (applying authorized agents to opt-out requests referenced in § 4(a)(5)).

[17] Cal. Code Reg. § 999.301(c).

[18] Cal. Civ. Code § 1798.140(ak) (West 2022).

[19] Cal. Code Reg. § 999.326(a).  The business is only required to allow the authorized agent to submit a request.  The business is permitted to directly confirm with the consumer that the consumer granted agency.  The statute and implementing regulations do not require that the business communicate with the authorized agent other than to intake the request.

[20] Cal. Code Reg. § 999.326(a).  The business is only required to allow the authorized agent to submit a request.  The business is permitted to directly confirm with the consumer that the consumer granted agency.  The statute and implementing regulations do not require that the business communicate with the authorized agent other than to intake the request.

[21] Statute does not address this issue.

[22]  Statute does not address this issue.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

California AG Announces Investigation of Mobile Apps' CCPA Compliance

By Gretchen A. Ramos Greenberg Traurig January 31 , 2023

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights requests submitted via authorized agents.

E2 Law Podcast: Episode 20 | Empire Environmental - Review of New York's Cap-and-Invest Program to Reduce Emissions and Achieve Climate Goals

By Steven C. Russo Greenberg Traurig January 27 , 2023

In this episode of Greenberg Traurig's E2 Podcast, attorneys Steven Russo, Zackary Knaub, and Jane McLaughlin discuss New York State’s cap-and-invest program to limit greenhouse gas emissions and share revenue with New Yorkers from disadvantaged communities to help cover utility bills, transportation costs, and decarbonization.

5 Trends to Watch: 2023 Data Privacy & Cybersecurity

By Gretchen A. Ramos Greenberg Traurig January 26 , 2023

While ransomware attacks have been on the rise since 2020, a recent trend has emerged where threat actors are bypassing ransomware malware and encryption tactics and going straight to data theft.

More From Privacy

California AG Announces Investigation of Mobile Apps' CCPA Compliance

By Gretchen A. Ramos Greenberg Traurig January 31 , 2023

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights requests submitted via authorized agents.

U.S. Supreme Court Dismisses as 'Improvidently Granted' Case on Scope of Attorney-Client Privilege

By Stephanie L. Adler-Paindiris Jackson Lewis P.C. January 30 , 2023

In a per curiam opinion, the U.S. Supreme Court has dismissed the writ of certiorari granted in In re: Grand Jury, No. 21-1397, writing only that it was “improvidently granted.”

5 Trends to Watch: 2023 Data Privacy & Cybersecurity

By Gretchen A. Ramos Greenberg Traurig January 26 , 2023

While ransomware attacks have been on the rise since 2020, a recent trend has emerged where threat actors are bypassing ransomware malware and encryption tactics and going straight to data theft.

Featured Stories
Closeclose
Search
Menu

Working...