BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would:

  • Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA;
  • Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by

California enacted Internet of Things (IoT) legislation intended to help protect consumer privacy and safety from potential hacking of connected devices. Under the state legislation that may apply to any connected devices sold in California, manufacturers of connected devices are required to equip the devices with security options suitable to the nature of the device

Since California enacted its Automatic Purchase Renewals Law (APRL) in 2010, the plaintiffs’ class action bar has been active in suing companies with subscription-based services for their alleged failures to comply with the APRL requirements. The lawsuits stem from the alleged failure to comply with the disclosure, consent, and acknowledgment requirements applicable to many types of subscriptions. Non-compliance has resulted in million-dollar class action settlements and government civil penalties. This summer, the APRL got tougher.

The APRL applies to companies that charge payment cards of California consumers as part of using “automatic renewals” or providing “continuous services.” An “automatic renewal” is an arrangement to automatically renew and charge for a subscription at the end of its term. A “continuous service” is an arrangement where subscription continues and charges are initiated until the consumer cancels the service.

Generally, and even before the amendment, the APRL requirements include:

  • Presenting the terms of the automatic renewal offer or continuous service in a clear and conspicuous manner where or when the offer is made.
  • Obtaining consumer’s affirmative consent before charging a consumer for the automatic renewal or continuous service.
  • Providing an acknowledgment of key terms, including cancellation instructions, to the consumer.
  • Implementing a method to cancel (as described in the acknowledgment) by toll-free phone, email, mail, or other “cost-effective, timely, and easy-to-use” method, and permitting consumers to cancel prior to charging at the end of a free trial.
  • Notifying the consumer in a clear and conspicuous manner prior to any material changes to the original terms.

Continue Reading California toughens law governing subscription auto-renewals

San Francisco voters will decide on November 6, 2018, whether to enact the city’s “Privacy First Policy” that intends to protect the personal information of residents and visitors from misuse by companies doing business in San Francisco. The policy builds upon the California Consumer Privacy Act passed in June 2018, which gives consumers various rights,

California’s new privacy law, the California Consumer Privacy Act of 2018 (AB 375), will go into effect on January 1, 2020. The law expands privacy rights, provides California consumers with more control over the personal information that businesses collect on them, and includes civil penalties and statutory damages for noncompliance. While the new privacy law

With the election of current California Attorney General Kamala Harris to the U.S. Senate, Governor Jerry Brown was tasked with appointing her replacement. On December 1, he announced that his pick is U.S. Representative Xavier Becerra, head of the House Democratic caucus.

Becerra was first elected to the House in 1992 and has also served

This post was also written by Maytak Chin.

A California attorney general’s report released this month shows that data security threats are on the rise in the Golden State. Against a backdrop of increasing security breaches, the report recommends best practices for companies to adopt as a way to reduce their vulnerabilities and to

This post was also written by Paul H. Cho.

On May 21, 2014, the California Attorney General, Kamala D. Harris, issued her long-awaited guidance for complying with the California Online Privacy Protection Act (“CalOPPA”).  “Making Your Privacy Practices Public,” which can be found here, provides specific recommendations on how businesses are to comply with

This post was also written by Joshua B. Marker.

California continues to be among the most aggressive states in proposing legislation restricting disclosure of personal identifying information. Earlier this month, California Senate Majority Leader Ellen M. Corbett (D) introduced SB 501, known as the Social Networking Privacy Act, which would require social networking websites to

This post was also written by Joshua B. Marker.

California legislators have proposed revisions to the Shine the Light Act, which we first wrote about here. Under pending legislation, the Shine the Light Act would be renamed the “Right to Know Act of 2013,” with significantly expanded reach and requirements. If the proposed amendment