<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Amazon’s Record-Setting Privacy Fine: What You Need to Know

Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corporation by the European Union fine for processing personal data in violation of the bloc's GDPR rules. This action foreshadows a privacy climate in which enforcement will be the norm, trending away from the spotty enforcement of the past.

All Posts

CCPA Regulation Updates - March 2020

On March 11, 2020 the California Attorney General released modifications to the CCPA. This is the second time this year he has released an update, read about the February update here. These are the most impactful changes we've identified:

A business that does not collect personal information directly from a consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information.

The notice at collection of employment-related information is not required to provide a link to the business’s privacy policy. Removed additional options for access to privacy policy since they are no longer required to do so.

Removed: Opt-out button logo requirement
CCPA Opt-Out of Sale Button - Do Not Sell My Personal Information
A business must identify the categories of sources from which personal information is collected. The categories shall be described in a manner that provides consumers a meaningful understanding of the information being collected. Identify the business or commercial purpose for collecting or selling personal information. The purpose shall be described in a manner that provides consumers a meaningful understanding of why the information is collected or sold.

If the business has actual knowledge that it sells the personal information of minors under 16 years of age, a description of the processes required by sections 999.330 and 999.331.

The business shall inform the consumer with sufficient particularity that it has collected the type of information. For example, a business shall respond that it collects “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.

If a business that denies a consumer’s request to delete sells personal information and the consumer has not already made a request to opt-out, the business shall ask the consumer if they would like to opt out of the sale of their personal information and shall include either the contents of, or a link to, the notice of right to opt-out in accordance with section 999.306.

A service provider shall not retain, use, or disclose personal information obtained in the course of providing services except: (1) To process or maintain personal information on behalf of the business that provided the personal information, or that directed the service provider to collect the personal information, and in compliance with the written contract for services required by the CCPA.

A business shall not require the consumer or the consumer’s authorized agent to pay a fee for the verification of their request to know or request to delete.

Read the full text here.

Watch our on-demand webinar from February on this topic here.

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

Amazon’s Record-Setting Privacy Fine: What You Need to Know

Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corpo...

Say Hello to House Bill 376, the Proposed Ohio Personal Privacy Act

Ohio is joining the likes of Massachusetts, New York, and Texas by introducing a privacy bill. The Ohio Personal Privacy Act (House Bill 376) would ap...

The Colorado Privacy Act Has Passed, What's Next?

It is official - Governor Jared Polis has signed the bill making the Colorado Privacy Act the latest enacted state legislation, joining California and...

Colorado House Votes on SB190, Senate Reconciliation is Next

Updated 6/9/21 @ 11am: The Colorado Senate unanimously voted 34-0 on concurrence and final passage of SB190. It now heads to Gov. Polis, who will have...