California Archives

In California Privacy Law

CCPA Investigative Sweep Specific to the Auto Industry

July 31, 2023 by Lothar Determann and Helena Engfeldt 2 Mins Read

Just a few weeks after California Attorney General Bonta announced an investigative sweep through inquiry letters sent to California employers, today the California Privacy Protection Agency (CPPA) announced a California Consumer Privacy Act (CCPA) review of data privacy practices by connected vehicle manufacturers and related technologies, focusing on embedded features including “location sharing, web-based entertainment, smartphone integration, and cameras,” because “vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives.” In…

In California Privacy Law

In the Emerging Patchwork of US State Consumer Health Privacy Laws: Understanding and Complying with California’s Confidentiality of Medical Information Act

July 28, 2023 by Lothar Determann, Helena Engfeldt and Michelle Shin 5 Mins Read

So far this year, three US states have passed laws with specific obligations related to consumer health privacy law: Washington, Connecticut, and Nevada. When it comes to California, the omnibus California Consumer Privacy Act (CCPA) applies also to the processing of health information. But, if the sectoral Confidentiality of Medical Information Act (CMIA) applies and is complied with, CMIA, and not the CCPA, applies. Most companies that do business in California are subject to CMIA,…

In California Privacy Law

Employers preparing for CCPA compliance, what to do now

November 9, 2022 by Lothar Determann, Helena Engfeldt and Jonathan Tam 6 Mins Read

In less than two months, on January 1, 2023, the California Consumer Privacy Act (CCPA) as revised by the California Privacy Rights Act (CPRA) will take effect fully in the job applicant and employment context. And with respect to job applicants and personnel, businesses subject to the CCPA will be required to (i) issue further revised privacy notices, (ii) be ready to respond to data subject requests, (iii) have determined if they sell or share…

In California Privacy Law

Comparing the Colorado Privacy Act with the California Consumer Privacy Act

October 21, 2022 by Lothar Determann, Helena Engfeldt, Jonathan Tam and Tom Tysowsky 11 Mins Read

Businesses that have implemented measures to comply with the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (“CCPA”) can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Colorado Privacy Act (“CPA”). However, the CPA, and the recently published proposed CPA Rules, (located here), contain certain unique and prescriptive requirements that may warrant taking a…

In California Privacy Law

California Privacy Agency Releases Modified Proposed Regulations

October 21, 2022 by Brian Hengesbaugh, Cynthia Cole, Rachel Ehlers, Cristina Messerschmidt and Harry Valetk 6 Mins Read

This week, the California Privacy Protection Agency (“CPPA”) released modified proposed regulations (“Modified Regulations”) for compliance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), and an explanation of the proposed changes, ahead of its upcoming Board Meetings. It is expected that the CPPA will discuss, and possibly adopt or modify further, the Modified Regulations during the CPPA Board Meetings which are scheduled for October 21-22 and October 28-29, 2022.…

In California Privacy Law

Engaging with the public without targeted advertising: Meeting notes from the CPPA Open Meeting of September 23, 2022

October 3, 2022 by Cynthia Cole, Amarachi Abakporo and Michelle Shin 4 Mins Read

Overview On September 23, 2022, the California Privacy Protection Agency (CPPA), in an open meeting, invited the public to listen in and provide comments on the agency’s current agenda. This five-hour meeting was facilitated by Chairperson Jennifer Urban. Based on the comments aired in the meeting, the public and other stakeholders (such as the business community) seemed interested in updates about the delayed California Privacy Rights Act (CPRA) regulations (originally expected in July 2022) and…

In California Privacy Law

Offer Online Products to California Minors? Prepare for the Age-Appropriate Design Code Act

September 28, 2022 by Jonathan Tam 6 Mins Read

California recently enacted the California Age-Appropriate Design Code Act (“Act”) with the stated intention of requiring businesses to consider the best interests of minors under the age of 18 when designing, developing and providing online services. If your business currently offers online services that are likely to be accessed by minors in California, you should consider starting to prepare Data Protection Impact Assessments in accordance with the Act as soon as possible because the law…

In California Privacy Law

United States: How to comply with CCPA while the new Agency revises Regulations

August 16, 2022 by Loic Coutelier, Lothar Determann, Helena Engfeldt, Elizabeth Gladstone, Jonathan Tam, Andrea Tovar, Vivian Tse, Tom Tysowsky, Brian Hengesbaugh, Cristina Messerschmidt, Harry Valetk, Nick Merker and Stephen Reynolds 7 Mins Read

In brief The California Privacy Rights Act of 2020 (CPRA) amended the California Consumer Privacy Act of 2018 (CCPA) with most changes taking effect on 1 January 2023 with a twelve-month look-back. Limited exceptions concerning the personal data of employees and business contacts will expire. The new California Privacy Protection Agency (CPPA) has published draft regulations that will, once finalized, expand on the rules in the statute and existing regulations from the California Attorney General. The CPPA is…

In Data Privacy

First Look: California Privacy Protection Agency Publishes Draft Regulations

June 3, 2022 by Brian Hengesbaugh, Gary Hunt, Cristina Messerschmidt and Harry Valetk 4 Mins Read

In advance of its June 8 public board meeting, the California Privacy Protection Agency (“CPPA”) has released draft regulations intended to implement and interpret new requirements under the California Privacy Rights Act (“CPRA”). In addition to codifying the new obligations under the CPRA (e.g., the right to correct, right to opt out of “sharing”), the Draft Regs include helpful illustrative examples and also provide details regarding certain new obligations, which we’ve summarized below. Key Takeaways…

In California Privacy Law

California Privacy Law Webinar Series

May 24, 2022 by Baker McKenzie 2 Mins Read

2022 is looking to be an unprecedented year for California companies’ privacy law obligations. The California Privacy Rights Act (CPRA) takes effect on January 1, 2023 with a twelve-month look-back that also applies to the personal data of employees and business contacts. The new California Privacy Protection Agency is preparing regulations that will sit on top of existing rules from the California Attorney General. Meanwhile, the California Legislature is enacting privacy laws even though it has not…