Careers

Diversity, Equity & Inclusion

Experience

Innovation

Interactive Maps

Locations

About

Pages

Meet our team of innovators
Ask us how we do it

Professionals

Insights

Services

Thompson Hine LLP, a full-service business law firm with approximately 400 lawyers in 8 offices, was ranked number 1 in the category “Most innovative North American law firms: New working models” by The Financial Times and was 1 of 7 firms shortlisted for The American Lawyer’s inaugural Legal Services Innovation Award. The firm has been recognized by the National Law Journal as a Legal Technology Trailblazer and featured by Bloomberg for its innovative service delivery models, which drive accuracy and predictability. The firm’s commitment to innovation is embodied in Thompson Hine SmartPaTHTM – a smarter way to work – predictable, efficient and aligned with client goals. For more information, please visit ThompsonHine.com and ThompsonHine.com/SmartPaTH.

Home | Thompson Hine LLP

Atlanta

Chicago

Cincinnati

Cleveland

Columbus

Dayton

Los Angeles

Minneapolis

New York

Washington, D.C.

core/separator

core/heading

core/list

On June 1, California’s Attorney General submitted the final text of the California Consumer Privacy Act (CCPA) regulations to the California Office of Administrative Law (OAL) for approval. The AG also posted the rulemaking record, including the Final Statement of Reasons and its accompanying appendices, which outlines changes made from the initial version to the final version of the regulations and documents the AG’s response to public comments.

contentpilot/introduction

The effective date of the regulations remains somewhat unclear. Procedurally, OAL’s typical 30-day review and approval period was extended to 90 days under Governor Gavin Newsom’s COVID-19 Executive Order, which could allow the OAL to take until October 1 to approve the final regulations. The AG has requested that the OAL expedite its review and adhere to the statutory timeline of 30 business days so the regulations can be effective when enforcement begins on July 1.

core/paragraph

The final regulations contain no material substantive changes from the modified regulations the AG released on March 11. The AG also submitted to the OAL the rulemaking record, which consists of supporting information to justify the proposed final regulations, such as a detailed articulation of the AG’s interpretation of the CCPA and rationale for changes made to the regulations during the notice and comment process, the AG’s responses to written comments received during the notice and comment period, and the regulatory impact assessment the AG prepared in 2019.

The materials provide clarification and insight into the AG’s views on several issues regarding the interpretation of, and approach to, the CCPA, including:

In addition, the supporting materials provide insight into the right to opt out, which has been one of the more complex issues within the CCPA and its regulations. The right to opt out enables California consumers to request that businesses refrain from selling their personal information to third parties for profit or other valuable consideration. The CCPA requires the AG develop a uniform opt-out logo or button to promote consumer awareness of the opportunity to opt out of the sale of personal information. Although the requirement for a logo or button was incorporated in an earlier draft of the CCPA regulations, it was excluded from the final version. According to the supporting materials, the requirement was “deleted in response to the various comments received during the public comment period” so the AG can “further develop and evaluate” this requirement.

Lastly, the supporting materials provide useful guidance on the use of third-party service providers to assist in furnishing online advertisements on behalf of a business, which is particularly important when a service provider relies on pixel or other online data to present an advertisement to a consumer. According to the supporting materials, “[t]he CCPA allows a service provider to furnish advertising services to the business that collected personal information from the consumer, and such ads may be shown to the same consumer on behalf of the same business on any website.” Moreover, prohibiting a service provider from placing such ads on the business’s website or a third-party website is “unnecessary because the CCPA would not prohibit the business’s own marketing department from placing the same ads itself.” However, the supporting materials note that although this type of advertising is permissible under the CCPA, it “does not relieve the service provider from its obligation to not share the personal information of the consumer with third parties and does not allow the service provider to use the personal information to provide advertising services to other businesses.”

With the July 1 CCPA enforcement date looming, organizations that fall within the CCPA’s scope should ensure that they finalize their compliance efforts by closely examining the CCPA regulations, evaluating what changes they need to make, and mapping out a compliance strategy and timeline for completion. They should also be mindful about approaching some of the requirements that offer discretion in implementation and determining whether certain options may pose greater exposure to business risks than others.

It is important to note that the California Privacy Rights Act initiative remains on track to appear on the November 2020 ballot and may add more California privacy requirements and impact the CCPA.

Mona Adabi 202.263.4147 <a href="mailto:Mona.Adabi@ThompsonHine.com">Mona.Adabi@ThompsonHine.com</a>

Steven G. Stransky 216.566.5646 202.263.4126 <a href="mailto:Steve.Stransky@ThompsonHine.com">Steve.Stransky@ThompsonHine.com</a>

Thomas F. Zych 216.566.5605 <a href="mailto:Tom.Zych@ThompsonHine.com">Tom.Zych@ThompsonHine.com</a>

This advisory bulletin may be reproduced, in whole or in part, with the prior permission of Thompson Hine LLP and acknowledgment of its source and copyright. This publication is intended to inform clients about legal matters of current interest. It is not intended as legal advice. Readers should not act upon the information contained in it without professional counsel.

This document may be considered attorney advertising in some jurisdictions.

https://admin.thompsonhine.com/wp-content/uploads/2022/04/Privacy__Cybersecurity_Update_-_California_Releases_Final_CCPA_Regulations_Ahead_of_July_1_Enforcement_Deadline.pdf

California Releases Final CCPA Regulations Ahead of July 1 Enforcement Deadline

Services