California Consumer Privacy Act ("CCPA") Regulations Background
On August 14, 2020, the Office of Administrative Law (OAL) approved the Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the Secretary of State. The regulations go into effect immediately.
The final text of the regulations, as well as all the documents submitted to OAL as part of the rulemaking package, are posted below. Anyone who has submitted a comment regarding the regulations has the right to request a copy of the final statement of reasons.
For information about our current CCPA rulemaking activities, please visit the Current CCPA Rulemaking Activities page.
CCPA was signed into law on June 28, 2018, and went into effect on January 1, 2020. CCPA grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors.
# |
Document Name |
Date of Event |
1. |
OAL Amended Notice of Approval in Part and Withdrawal in Part |
August 27, 2020 |
2. |
Final Text of Regulations [UPDATED] |
August 14, 2020 |
|
|
WWW Consortium, Web Content Accessibility Guidelines, version 2.1 (June 5, 2018). [Incorporated by Reference] |
|
3. |
Addendum to Final Statement of Reasons |
August 14, 2020 |
4. |
Final Statement of Reasons |
June 1, 2020 |
|
|
Appendix A. Summary and Response to Comments Submitted during 45-Day Period |
|
|
|
Appendix B. List of Commenters from 45-Day Period |
|
|
|
Appendix C. Summary and Response to Comments Submitted during 1st 15-Day Period |
|
|
|
Appendix D. List of Commenters from 1st 15-Day Period |
|
|
|
Appendix E. Summary and Response to Comments Submitted during 2nd 15-Day Period |
|
|
|
Appendix F. List of Commenters from 2nd 15-Day Period |
|
5. |
Form 400 – Endorsed and Filed Version [Updated] |
August 14, 2020 |
6. |
Updated Informative Digest |
June 1, 2020 |
7. |
Written Justification for Earlier Effective Date and Request for Expedited Review |
June 1, 2020 |
8. |
Notice of Proposed Rulemaking |
October 11, 2019 |
9. |
Original Proposed Regulations |
October 11, 2019 |
10. |
Initial Statement of Reasons (ISOR), includes Appendices A, B |
October 11, 2019 |
11. |
Statement of Mailing First 45-Day Notice |
May 27, 2020 |
12. |
First Notice of Modifications |
February 10, 2020 |
13. |
First Modified Regulations |
February 10, 2020 |
14. |
Statement of Mailing First 15-Day Notice |
May 27, 2020 |
15. |
Second Notice of Modifications |
March 27, 2020 |
16. |
Second Modified Regulations |
March 27, 2020 |
17. |
Statement of Mailing Second 15-Day Notice |
May 27, 2020 |
18. |
Public Comments
|
|
|
|
45 Day Written Comments |
Comment Period Ended: December 6, 2019 |
|
|
First Set 15 Day Written Comments |
Comment Period Ended: February 25, 2020 |
|
|
Second Set 15 Day Written Comments |
Comment Period Ended: March 27, 2020 |
19. |
Public Hearing Transcripts
|
|
|
|
Sacramento |
December 2, 2019 |
|
|
Los Angeles |
December 3, 2019 |
|
|
San Francisco |
December 4, 2019 |
|
|
Fresno |
December 5, 2019 |
20. |
Form 399 |
|
21. |
Materials/Documents Relied Upon |
|
Appendix A: Preliminary Activities |
||
|
|
California Department of Justice, Attorney General’s Office, California Data Breach Report (February 2016). |
|
|
|
California Department of Justice, Attorney General’s Office, Public Comments Received as Part of the Preliminary Rulemaking Process. |
|
|
|
California Department of Justice, Attorney General’s Office, Supplemental Public Comments Received as Part of the Preliminary Rulemaking Process |
|
|
|
California Department of Justice, Attorney General’s Office, Transcript of Fresno Public Forum. |
February 13, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of Inland Empire/Riverside Public Forum. |
January 24, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of Los Angeles Public Forum. |
January 25, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of Sacramento Public Forum. |
February 5, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of San Diego Public Forum. |
January 14, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of San Francisco Public Forum. |
January 8, 2019 |
|
|
California Department of Justice, Attorney General’s Office, Transcript of Stanford Public Forum. |
March 5, 2019 |
Appendix B: 45-Day Period |
||
|
|
Acquisti et al., What Is Privacy Worth? (2013) The Journal of Legal Studies, 42(2), pp. 249-274. |
|
|
|
Center for Plain Language, Privacy-policy analysis (2015). |
|
|
|
Federal Trade Commission, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers, FTC Report (March 2012). |
|
|
|
Hahn et al., A data processing addendum for the CCPA? (Jun. 19, 2019) IAPP Privacy Perspectives. |
|
|
|
Montes et al., The value of personal information in markets with endogenous privacy (Aug. 5, 2015) CEIS Working Paper No. 352. |
|
|
|
National Telecommunications and Information Administration, U.S. Department of Commerce, Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices (July 25, 2013). |
|
|
|
Norton, The Non-Contractual Nature of Privacy Policies and a New Critique of the Notice and Choice Privacy Protection Model (2016) 27 Fordham Intell. Prop. Media & Ent. L.J. 181. |
|
|
|
Pew Research Center, Public Perceptions of Privacy and Security in the Post-Snowden Era (November 14, 2014). |
|
|
|
Reidenberg et al., Ambiguity in Privacy Policies and the Impact of Regulation (March 22, 2016) Journal of Legal Studies, Forthcoming; Fordham Law Legal Studies Research Paper No. 2715164. |
|
|
|
Schaub, et al., A Design Space for Effective Privacy Notices (July 22–24, 2015) Symposium on Usable Privacy and Security (SOUPS) 2015, Ottawa, Canada. |
|
|
|
Short et al., What’s Your Data Worth? (Mar. 3, 2017) MIT Sloan Management Review, Spring 2017 Issue. |
|
|
|
Spiekermann, et al., Towards a Value Theory for Personal Data (April 2017) Journal of Information Technology, Vol. 32, Issue 1, 2017. |
|
Appendix C: 15-Day Period |
||
|
|
Accenture Interactive, See people, not patterns. (2019). |
|
|
|
Cranor, et al., Design and Evaluation of a Usable Icon and Tagline to Signal an Opt-Out of the Sale of Personal Information as Required by CCPA (February 4, 2020). |
|
|
|
Douglis, et al., How the CCPA impacts civil litigation (January 28, 2020). |
|
|
|
Duffy, et al., Retail Loyalty Programs Will Survive Calif. Privacy Law (September 26, 2019), Law360 |
|
|
|
Paternoster, Leon, Getting round GDPR with dark patters. A case study: Techradar (August 12, 2018). |
|
|
|
Simon, et al., Summary of Key Findings from California Privacy Survey (October 16, 2019), Goodwin Simon Strategic Research. |
|
For more information, see here: https://oag.ca.gov/privacy/ccpa/regs
These materials were obtained directly from the State Legislative website and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.