OAKLAND – Ahead of Data Privacy Day, California Attorney General Rob Bonta today announced an investigative sweep, sending letters to businesses with mobile apps that fail to comply with the California Consumer Privacy Act (CCPA). This year’s sweep focuses on popular apps in the retail, travel, and food service industries that allegedly fail to comply with consumer opt-out requests or do not offer any mechanism for consumers who want to stop the sale of their data. The sweep also focuses on businesses that failed to process consumer requests submitted via an authorized agent, as required by the CCPA. Requests submitted by authorized agents include those sent by Permission Slip, a mobile application developed by Consumer Reports that allows consumers to send requests to opt-out and delete their personal information.
“In California, consumers have the right to stop the sale of their personal information, and my office is working tirelessly to make sure that businesses recognize and process consumers’ opt-out requests,” said Attorney General Bonta. “On this Data Privacy Day and every day, businesses must honor Californians’ right to opt out and delete personal information, including when those requests are made through an authorized agent. Today’s sweep also focuses on mobile app compliance with the CCPA, particularly given the wide array of sensitive information that these apps can access from our phones and other mobile devices. I urge the tech industry to innovate for good — including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data.”
The California Consumer Privacy Act is a landmark law that secures increased privacy rights for California consumers, including the right to know how businesses collect, share, and utilize their personal information. Businesses that are subject to the CCPA have several responsibilities, including responding to consumer requests to exercise these rights and giving consumers certain notices explaining their privacy practices.
Attorney General Bonta is committed to the robust enforcement of the nation’s toughest data privacy law. In August 2022, the Attorney General announced a settlement with Sephora resolving allegations that it failed to disclose to consumers that it was selling their personal information and failed to process opt-out requests via user-enabled global privacy controls in violation of the CCPA. Attorney General Bonta also launched an online tool that allows consumers to directly notify businesses that may have violated the CCPA.