January 31, 2023

California AG Announces Investigation of Mobile Apps' CCPA Compliance

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights requests submitted via authorized agents. In its announcement, the California AG also "urge[d] the tech industry to innovate for good - including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data." The AG's investigations seem to be becoming an annual tradition in honor of Data Privacy Day. In 2022, the California Attorney General announced an investigation of numerous major corporations in the retail, home improvement, travel, and food services industries operating loyalty programs. While the 2022 notice stated that noncompliant industries would have 30 days to cure and come into compliance, such cure language was not included in the 2023 notice.

The CCPA, as amended by the California Privacy Rights Act of 2020 (CPRA), went into effect Jan. 1, 2023, and enforcement of the amended CPPA will commence July 1, 2023. On Jan. 20, 2023, the AG's office updated its CCPA website page to include several new FAQs addressing the CPRA amendments. In relation to several issues, the FAQs note the California Privacy Protection Agency (CPPA) is currently engaged in a formal rulemaking process and has proposed CCPA regulations, but the regulations are not final. Once the CCPA regulations are finalized, the FAQs will likely be updated again. While it remains uncertain when the proposed CCPA regulations will be finalized, the CPPA is scheduled to discuss possible action on the proposed regulations, including possible adoption or modification of the text, as well as preliminary rulemaking activities of new rules on risk assessments, cybersecurity audits, and automated decision making during their next meeting on Feb. 3, 2023.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

The New York Court of Appeals: A Triumph of Merit Selection

By Henry M. Greenberg Greenberg Traurig May 25 , 2023

The current court is a triumph of the merit selection process that New Yorkers voted for in 1977.

Attorney Fees Awards Under the Clean Streams Law

By David Mandelbaum Greenberg Traurig May 24 , 2023

In February, the Pennsylvania Supreme Court decided that the Environmental Hearing Board could award attorney fees and litigation costs to a prevailing third-party appellant under the Clean Streams Law.

GT's The Performance Review Episode 20: All Secrets Revealed: Employee Investigations

By Philip I. Person Greenberg Traurig May 24 , 2023

In this episode, Sue Ann Van Dermyden, co-founder and senior partner at one of the nation’s top investigations firms, joins Philip Person and Ryan Bykerk to discuss the ins and outs of employee investigations.

More From Cybersecurity

Labor Department Releases New Guidance on Agency Enforcement of PUMP for Nursing Mothers Act

By Patricia Anderson Pryor Jackson Lewis P.C. May 19 , 2023

The U.S. Department of Labor Wage and Hour Division (WHD) has published guidance for agency officials responsible for enforcing the “pump at work” provisions of the Fair Labor Standards Act (FLSA), including those enacted under the 2022 Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP Act).

Finding the Delta: Understanding the Differences in How State Privacy Laws Define Corporate Affiliates

By David A. Zetoony Greenberg Traurig May 15 , 2023

All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners.

Florida Adds a New Twist to Consumer Privacy Patchwork

By David P. Saunders McDermott Will & Emery May 10 , 2023

On May 9, 2023, the Florida legislature passed the Florida Digital Bill of Rights (FDBR), which adds a new twist to the growing body of state consumer privacy laws.

Featured Stories