California Regulators Win Their Appeal to Enforce the CCPA Revised Regulations as of July 1, 2023
Privacy, Cyber & AI Decoded Alert | 2 min read
Feb 12, 2024
For companies that slow-tracked their California compliance activities because of the tentative March 29, 2024 effective date due to the pending appeal on the regulation enforcement timeline, it is now time to prioritize compliance.
This is because late last Friday afternoon, California's Third District Court of Appeal sided with the California Privacy Protection Agency and California Attorney General Rob Bonta in the case of California Privacy Protection Agency (CPPA) v. Superior Court (California Chamber of Commerce) to allow the California regulators to enforce the revised CCPA regulations as of July 1, 2023. The decision overturned a lower court ruling that had stayed enforcement of the new and amended regulations by one year. The California Chamber of Commerce is considering its options for appeal.
What Does This Mean for Businesses that Meet the Threshold Requirements of the California Law?
Here are the top three compliance activities for businesses to consider:
- Businesses should review their privacy notices for compliance with the new regulatory notice requirements. Document that your businesses have not materially changed how they are using personal information as stated in your privacy notices, and note that you are making the appropriate revised cross-contextual advertising disclosures and key enforcement issues for California regulators.
- The final regulations clarified that cross-contextual advertising included the "sharing" of personal information, not just the sale of personal information. So, businesses should review their data subject access rights to ensure they are providing a "Do Not Sell Or Share My Personal Information Link" or "Alternative Opt Out Link" for these activities to comply with the regulations.
- The final regulations set out clear contractual requirements for three categories of vendors: service providers, contractors, and third parties. Businesses, service providers, contractors, and third parties should consider revising their data processing agreements to satisfy these requirements.
As a reminder, both the California Privacy Protection Agency (CPPA) and the California Attorney General's Office can enforce these regulations. While there is no longer any right to cure regulatory violations in California, the CPPA can audit a business, service provider, contractor, or person to ensure compliance with any provision of the CCPA.
For more privacy insights across all state laws, read Hinshaw's Q&A: Four State Data Privacy Compliance Insights for 2024.
Related Capabilities
Featured Insights

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents





