Issuing California Consumer Privacy Act (CCPA) warning letters is becoming an annual Data Privacy Day observance for California Attorney General Rob Banta. This year, the letters went to owners and operations of mobile applications in the retail, travel, and food services industries that allegedly violate the CCPA. According to the AG, these apps in particular failed to comply with Do Not Sell requests submitted to them by California consumers, or they had no opt-out mechanism at all. The sites also allegedly failed to process consumer opt-out and deletion requests submitted via authorized agents. Interestingly, the AG gave a shout out to an authorized agent app called Permission Slip operated by Consumer Reports.
Make sure to check your mobile app for the appropriate compliance mechanisms. Mirroring your website onto the mobile device may not properly display access to opt-outs or request forms.
Also, make sure that your process for responding to consumer requests actually works -- including those received from authorized agents.
“In California, consumers have the right to stop the sale of their personal information, and my office is working tirelessly to make sure that businesses recognize and process consumers’ opt-out requests,” said Attorney General Bonta. “On this Data Privacy Day and every day, businesses must honor Californians’ right to opt out and delete personal information, including when those requests are made through an authorized agent."