The California Privacy Rights Act (CPRA), an amendment to the 2018 California Consumer Privacy Act (CCPA), went into effect on Jan. 1, requiring publishers and advertisers to ensure compliance with new consumer data privacy guidelines.
CPRA rulemaking is still in progress, and enforcement is set to begin July 1. Other states, including Virginia, Colorado and Connecticut are issuing their own privacy regulations. And in lieu of a national standard, the Federal Trade Commission has issued its own regulations on consumer data privacy, mostly focused on children and healthcare; one area the FTC is looking at is pixel tracking, with actions already taken against two healthcare organizations.
New consumer data privacy requirements under CPRA, borrowing from the GDPR in Europe, include the right to correct inaccurate personal data and the right to limit processing of sensitive personal information.
If you think California doesn’t mean business, Sephora was fined $1.2 million last summer under CCPA for not disclosing the sale of personal information, failing to respect users’ GPC opt-outs and neglecting to correct these infractions. Sephora didn’t have to admit to wrongdoing, but it did have to pony up, rectify its data sharing policy, avenues to opt out and service provider agreements; and report on its progress to the CA attorney general. And dozens of other infractions are listed on the California Attorney General’s website, although it hasn’t been updated since August.
How serious are these regulations? What kinds of risks are involved in noncompliance? Dan Frechtling, CEO of Boltive, helps us better understand the implications and impacts in this podcast episode.