HB Ad Slot
HB Mobile Ad Slot
California Privacy Protection Agency Issues Advisory on Data Minimization
Thursday, April 11, 2024

The California Privacy Protection Agency (CPPA) recently issued an enforcement advisory encouraging covered businesses to focus on their data minimization obligations related to consumer requests under the California Consumer Privacy Act (CCPA). The advisory categorizes data minimization as a “foundational principle” of the CCPA and reflects the reasons why businesses will apply this principle for better compliance with the CCPA. The advisory states: “[b]usinesses should apply this principle [of data minimization] to every purpose for which they collect, use, retain, and share consumers’ personal information.”

The publication of this advisory stems from the CPPA Enforcement Division’s observation of businesses “asking consumers to provide excessive and unnecessary personal information in response to requests that consumers make under the CCPA.”

However, note that this advisory and any others issued by the CPPA “do not implement, interpret, or make specific the law enforced or administered by the [CPPA], establish substantive policy or rights, constitute legal advice, or reflect the views of the Agency’s Board.” But note that the CPPA was also careful to note that adherence to an advisory is NOT “alternative relief or safe harbor from potential violations.”

The advisory also cites four examples of less obvious areas where data minimization applies under the CCPA: 1) the handling of user opt-out preference signals; 2) requests for data sale and sharing opt-outs; 3) requests around the use and disclosure of sensitive personal information; and 4) identity verification. To see the full advisory, click here.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins