CJAC Calls on Attorney General to Provide Clarity on Global Privacy Controls Under CCPA

CJAC sent a letter in August to Attorney General Rob Bonta’s office asking for clarification on a newly published FAQ that covers user-enabled global privacy controls under the California Consumer Privacy Act (CCPA). 
 
The FAQ, which is published on the Office of the Attorney General (OAG) website for consumers, states that businesses “must honor” GPCs as a method for consumers to opt out of having their personal information sold. 
 
While the FAQ indicates that GPCs are mandatory, the CCPA does not. It says a business must place a clear link that allows a consumer to opt out of the sale of their personal information but it does not mention GPCs or global opt-out requests. What’s more, the companion California Privacy Rights Act (passed by voters in November 2020 and effective in 18 months) says businesses can provide a clear opt-out link OR consumers can opt out through a preference signal sent with their consent, emphasizing the business has a choice in how it complies. 
 
Additionally, the FAQ on the OAG’s website fails to acknowledge that the new California Privacy Protection Agency (CPPA) will evaluate the reliability and security of GPCs for providing consumer choice and how they’ll impact businesses. 
 
In its letter, CJAC insists that the attorney general’s office address these issues in its FAQ. Without clarification, the FAQ is confusing and could lead to needless litigation.