May 29, 2024

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

Portrait Liana Chen
By Liana Chen

Partner

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

The California Privacy Protection Agency board recently gathered to revise draft regulations to implement parts of the state's new data broker law, the Delete Act of 2023, which was signed into law last October by California Gov. Gavin Newsom.

What is the Delete Act and How Does it Impact My Business?

Under existing law, data brokers are already required to register in California. Hundreds of companies in California have been listed as data brokers in California’s data broker registry.

Beginning January 1, 2026, the Delete Act will also require the California Privacy Protection Agency (CPPA) to “establish a centralized system to allow individuals to request the simultaneous deletion of their personal information across all data brokers, and for other purposes.”1

There will also be new audit and disclosure requirements for data brokers to ensure their practices remain compliant.

In particular, every three years, the Delete Act will require data brokers to undergo an independent audit to verify they are remaining compliant with the Act.

Further, the Delete Act requires data brokers to register annually with the CCPA and to disclose the following information:

  • Their name and primary physical, email and website addresses.
  • Metrics regarding the number of consumer and Delete Act requests.
  • Whether they collect certain information e.g., about minors or precise geolocation.
  • A link to a webpage that explains how consumers may exercise consumer rights.
  • To what extent they are regulated by other laws, e.g., the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and specific California privacy laws.
  • When applicable, certain audit information.

How Do the Recent Draft Regulations Affect the Delete Act?

The draft regulations aim to expand definitions in the Delete Act by having data brokers register with the CCPA if they sell data of consumers that they did not directly collect from a consumer, even if they have a direct relationship with a consumer. This shows increased regulator attention to data privacy rights and mandates upon businesses collecting, using, selling, and sharing consumer data, especially by “data brokers.”

Penalties for Non-Compliance

Failure to comply with the Delete Act could result in receiving significant fines. For example, data brokers who fail to register with the CCPA are subject to administrative fines including fines per day of a violation, such as a failure to register or failure to honor a deletion request.

How Can Kronenberger Rosenfeld Help Your Business?

Kronenberger Rosenfeld, LLP regularly advises clients regarding privacy compliance and defends enforcement actions relating to privacy and advertising issues by staying up to date with the latest laws. Contact our firm using our online case submission form here.

This entry was posted on Wednesday, May 29, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

Firm Files Lawsuit Against Uphold HQ Inc Over

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the Uphold.com cryptocurrency exchange...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

On March 15, 2024, the California Privacy Protection Agency released its 2024-2027 Strategic Plan, which outline the privacy agency’s values and objectives in California. Background The passing of the California...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | May 2024 (State Law) The California Privacy Protection Agency board recently gathered to revise draft regulations to implement parts of the state's...

Read Article

Privacy & Cybersecurity

Novel CCPA/CPRA Enforcement Treats Targeted Ads as Data

In a novel case, the California Attorney General (AG) has treated targeted ads using third parties, such as through routine marketing and analytics cookies, as data "sales." What did the...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.