California, home to the United States’ most comprehensive data privacy law, jumped into action during Data Protection Week. Attorney General Rob Bonta announced an investigate sweep, headlined by letters sent to businesses with mobile apps that have failed to comply with the CCPA.
Bonta identified and notified businesses that allegedly have not fully complied with consumer opt-out requests, failed to process consumer requests submitted through CCPA-approved channels, or have not offered any mechanism for users trying to stop the sale of their data.
AG Bonta remarked, “my office is working tirelessly to make sure that businesses recognize and process consumers’ opt-out requests. On this Data Privacy Day and every day, businesses must honor Californians’ right to opt out and delete personal information … I urge the tech industry to innovate for good — including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data.”
Bonta’s office has tried to enforce the CCPA, originally introduced and passed in 2018. The AG, as the main enforcer of the regulation, led the charge against Sephora last Autumn, fining the cosmetics brand $1.2 Mil for its CCPA violations.
However, the task for the AG’s office alone to do so was overwhelming, which is the amendment to the CCPA, the CPRA, has expanded enforcement across several areas, including the creation of a separate governing body, called the CPPA, for that very purpose.
The CPRA, which came into effect on Jan 1, 2023 and is currently set to become enforceable on July 1, 2023 (despite a lack of clarification on several matters within the bill), increases fines for noncompliance and eliminates the grace period included in the CCPA.
For AG Bonta to come out ahead of Data Privacy Day 2023 and issue warnings to noncompliant companies seems a good bet that the CPRA will hit the ground running come July.