FEATURED STORY January 31, 2023

California AG Announces Investigation of Mobile Apps' CCPA Compliance

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights requests submitted via authorized agents. In its announcement, the California AG also "urge[d] the tech industry to innovate for good - including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data." The AG's investigations seem to be becoming an annual tradition in honor of Data Privacy Day. In 2022, the California Attorney General announced an investigation of numerous major corporations in the retail, home improvement, travel, and food services industries operating loyalty programs. While the 2022 notice stated that noncompliant industries would have 30 days to cure and come into compliance, such cure language was not included in the 2023 notice.

The CCPA, as amended by the California Privacy Rights Act of 2020 (CPRA), went into effect Jan. 1, 2023, and enforcement of the amended CPPA will commence July 1, 2023. On Jan. 20, 2023, the AG's office updated its CCPA website page to include several new FAQs addressing the CPRA amendments. In relation to several issues, the FAQs note the California Privacy Protection Agency (CPPA) is currently engaged in a formal rulemaking process and has proposed CCPA regulations, but the regulations are not final. Once the CCPA regulations are finalized, the FAQs will likely be updated again. While it remains uncertain when the proposed CCPA regulations will be finalized, the CPPA is scheduled to discuss possible action on the proposed regulations, including possible adoption or modification of the text, as well as preliminary rulemaking activities of new rules on risk assessments, cybersecurity audits, and automated decision making during their next meeting on Feb. 3, 2023.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

International Entrepreneur Parole Program: USCIS Issues Policy Guidance

By Linnea Porter Greenberg Traurig March 22 , 2023

On March 10, U.S. Citizenship and Immigration Service (USCIS) issued an announcement with comprehensive guidance on parole for international entrepreneurs.

New UK Sanctions Package Would Target Russia's Arms Exports, Front-Line Resources

By Annabel Thomas Greenberg Traurig March 22 , 2023

The UK announced a further round of sanctions and trade measures on 24 February 2023 to coincide with the first anniversary of Russia’s invasion of Ukraine.

PFAS in Drinking Water: EPA Proposes Historic New Regulation

By Bernadette M. Rappold Greenberg Traurig March 17 , 2023

On March 14, 2023, the U.S. Environmental Protection Agency (EPA) issued a proposed National Primary Drinking Water Regulation (NPDWR) which, if finalized, would set enforceable limits, known as Maximum Contaminant Levels (MCLs), for six Per- and Polyfluoroalkyl Substances (PFAS).

More From Cybersecurity

Is a business required to include an 'opt out of targeted advertising' link on its homepage (i.e., a Do Not Share link) if it recognizes opt-out preference signals?

By David A. Zetoony Greenberg Traurig March 13 , 2023

Three modern privacy statutes incorporate the concept that individuals should be able to broadcast a signal from their browser or device that directs an organization to cease providing their personal information to third parties for the purposes of targeted advertising.

Trade Associations Urge Illinois High Court to Reconsider BIPA Decision in Cothron

By Nadine C. Abrahams Jackson Lewis P.C. March 13 , 2023

The Illinois Supreme Court’s decision that a separate claim under Illinois’ Biometric Information Privacy Act (BIPA) accrues each time an entity scans or transmits an individual’s biometric identifier or biometric information will lead to absurd and unjust results not intended by the Illinois General Assembly, Jackson Lewis argued in a friend-of-the-court brief filed on behalf of a coalition of trade associations representing the interests of thousands of Illinois businesses employing approximately 2.9 million individuals in Illinois.

EU-US Transatlantic Data Flows Framework: EU Supervisors Shine Light at the End of the Tunnel

By Rosa Barcelo McDermott Will & Emery March 09 , 2023

In a recent non-binding opinion, EU regulators expressed timid positivity about the European Commission’s draft adequacy decision on the EU-US transatlantic data flows framework (Data Privacy Framework or DPF).

Featured Stories