May 29, 2024

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

Portrait Liana Chen
By Liana Chen

Partner

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

The California Privacy Protection Agency board recently gathered to revise draft regulations to implement parts of the state's new data broker law, the Delete Act of 2023, which was signed into law last October by California Gov. Gavin Newsom.

What is the Delete Act and How Does it Impact My Business?

Under existing law, data brokers are already required to register in California. Hundreds of companies in California have been listed as data brokers in California’s data broker registry.

Beginning January 1, 2026, the Delete Act will also require the California Privacy Protection Agency (CPPA) to “establish a centralized system to allow individuals to request the simultaneous deletion of their personal information across all data brokers, and for other purposes.”1

There will also be new audit and disclosure requirements for data brokers to ensure their practices remain compliant.

In particular, every three years, the Delete Act will require data brokers to undergo an independent audit to verify they are remaining compliant with the Act.

Further, the Delete Act requires data brokers to register annually with the CCPA and to disclose the following information:

  • Their name and primary physical, email and website addresses.
  • Metrics regarding the number of consumer and Delete Act requests.
  • Whether they collect certain information e.g., about minors or precise geolocation.
  • A link to a webpage that explains how consumers may exercise consumer rights.
  • To what extent they are regulated by other laws, e.g., the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and specific California privacy laws.
  • When applicable, certain audit information.

How Do the Recent Draft Regulations Affect the Delete Act?

The draft regulations aim to expand definitions in the Delete Act by having data brokers register with the CCPA if they sell data of consumers that they did not directly collect from a consumer, even if they have a direct relationship with a consumer. This shows increased regulator attention to data privacy rights and mandates upon businesses collecting, using, selling, and sharing consumer data, especially by “data brokers.”

Penalties for Non-Compliance

Failure to comply with the Delete Act could result in receiving significant fines. For example, data brokers who fail to register with the CCPA are subject to administrative fines including fines per day of a violation, such as a failure to register or failure to honor a deletion request.

How Can Kronenberger Rosenfeld Help Your Business?

Kronenberger Rosenfeld, LLP regularly advises clients regarding privacy compliance and defends enforcement actions relating to privacy and advertising issues by staying up to date with the latest laws. Contact our firm using our online case submission form here.

This entry was posted on Wednesday, May 29, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

How to Keep Up With New Privacy Laws

There has been a wave of emerging and detailed privacy laws from the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the General...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

Dark Patterns For any business collecting user data, it's crucial to stay informed about the evolving regulatory landscape surrounding "dark patterns" in advertising and data privacy and security practices. Recent...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | June 2024 (State Law) Data breaches are on the rise, no matter the size or reputation of your business. If you are...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law) The Federal Trade Commission (FTC) continues to target data privacy and security issues. For example, the FTC has...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.