A Group of the Leading Advertising and Marketing Trade Associations Argue Against the Proposed CCPA Regulations Foreshadowing Likely Litigation Challenges
On March 27, 2020, a group of the leading U.S. advertising and marketing trade associations submitted a letter to the California Attorney General as part of the public comments on the second modification to the proposed CCPA Regulations, arguing that the proposed regulations included in Section 999.315(d) exceed the scope the Attorney General’s ability to regulate in conformance with the CCPA, violate free speech rights under the United States Constitution, and impede the ability of the consumers to exercise “granular choices” in the marketplace.
The proposed Regulations in Section 999.315(d) provide that user-enabled global privacy controls, such as browser plugin, privacy or device settings, that communicate or signal the consumer’s choice to opt-out of the sale of personal information shall be treated as valid opt-out requests under the CCPA. The proposed Regulations further provide that any privacy controls developed in accordance with these regulations must “clearly” communicate or signal that the consumer intends to opt out of the sale of personal information. The second modification to the proposed Regulations, published on March 11, 2020, however, no longer requires that such privacy control require that the consumers affirmatively select their choice to opt-out and not be designed with any pre-selected settings.
Furthermore, the proposed Regulations provide that when the consumer’s global privacy control conflicts with a consumer’s existing business-specific privacy setting, the business shall respect the global privacy control but may notify the consumer of the conflict and give the consumer the choice to confirm the business-specific privacy setting.
In their letter, the trade associations argue that the browser setting and global controls mandate exceeds the Attorney General’s regulatory authority under the CCPA. They contend that the requirement to obey such controls is a substantive obligation that was not included in the text of the CCPA and effectively transforms the CCPA’s opt-out regime into one of opt-in, by enabling intermediaries to set opt-out signals through browsers that apply a single signal across the entire Internet marketplace.
They further argue that the proposed regulations contravene constitutional rights to free speech. Under the United States Constitution, a regulation restricting commercial speech is unconstitutional unless the state has a substantial interest in restricting the speech, the regulation advances that interest, and the regulation is narrowly tailored to serve that interest. The trade associations argue that while California might have a substantial interest in protecting consumer privacy, the proposed global privacy controls and browser settings regulations do not advance that interest and are not narrowly tailored to such interest.
Finally, the trade associations argue that the browser setting and global control mandate impedes the consumer’s choice as the latest version of the Regulations entrenches intermediaries in the system and will enable intermediaries to set default signals through browsers without consumers having to approve of them before they are set.
The trade associations urge that Attorney General to remove the objectionable regulations or at a minimum give businesses an option to decline to honor global privacy controls and browser settings if the business offers another, equally effective method for consumers to opt out of personal information sale.
Although at this stage of the regulatory process the Attorney General is unlikely to reverse his stance on the global privacy controls and browser settings regulations, the arguments advanced by the trade associations foreshadow likely litigation challenges to the CCPA Regulations once they go into effect in the coming months.
Ask Clarip today how we can solve your biggest compliance pain points, Call Clarip at 1-888-252-5653