California Regulators Win Their Appeal to Enforce the CCPA Revised Regulations as of July 1, 2023
Privacy, Cyber & AI Decoded Alert | 2 min read
Feb 12, 2024
For companies that slow-tracked their California compliance activities because of the tentative March 29, 2024 effective date due to the pending appeal on the regulation enforcement timeline, it is now time to prioritize compliance.
This is because late last Friday afternoon, California's Third District Court of Appeal sided with the California Privacy Protection Agency and California Attorney General Rob Bonta in the case of California Privacy Protection Agency (CPPA) v. Superior Court (California Chamber of Commerce) to allow the California regulators to enforce the revised CCPA regulations as of July 1, 2023. The decision overturned a lower court ruling that had stayed enforcement of the new and amended regulations by one year. The California Chamber of Commerce is considering its options for appeal.
What Does This Mean for Businesses that Meet the Threshold Requirements of the California Law?
Here are the top three compliance activities for businesses to consider:
- Businesses should review their privacy notices for compliance with the new regulatory notice requirements. Document that your businesses have not materially changed how they are using personal information as stated in your privacy notices, and note that you are making the appropriate revised cross-contextual advertising disclosures and key enforcement issues for California regulators.
- The final regulations clarified that cross-contextual advertising included the "sharing" of personal information, not just the sale of personal information. So, businesses should review their data subject access rights to ensure they are providing a "Do Not Sell Or Share My Personal Information Link" or "Alternative Opt Out Link" for these activities to comply with the regulations.
- The final regulations set out clear contractual requirements for three categories of vendors: service providers, contractors, and third parties. Businesses, service providers, contractors, and third parties should consider revising their data processing agreements to satisfy these requirements.
As a reminder, both the California Privacy Protection Agency (CPPA) and the California Attorney General's Office can enforce these regulations. While there is no longer any right to cure regulatory violations in California, the CPPA can audit a business, service provider, contractor, or person to ensure compliance with any provision of the CCPA.
For more privacy insights across all state laws, read Hinshaw's Q&A: Four State Data Privacy Compliance Insights for 2024.
Related Capabilities
Featured Insights
Webinar
May 19, 2026
Scott Seaman Speaks on Making Decisions in Difficult Risk Environments
Webinar
May 19, 2026
Scott Seaman Speaks on Making Decisions in Difficult Risk Environments
Event
May 7, 2026 - May 9, 2026
Anshuman Vaidya Presents on IRS Criminal Tax Enforcement Priorities at the ABA Tax Meeting
Webinar
Apr 29, 2026
When a Cyber Breach Hits: Cybersecurity, Privacy, and Compliance
In The News
Apr 24, 2026
Michael Dowell Reviews New PBM Reform Reshaping Pharmacy Reimbursement
Lawyers for the Profession® Alert
Apr 21, 2026
When Does a Client’s Duty to Investigate Begin? Lessons from a Time-Barred Malpractice Case
Press Release
Apr 20, 2026
Tom Kuzmanovic Selected for BizTimes Milwaukee 2026 Notable Leaders in Law
Press Release
Apr 17, 2026
André Sesler Elected to the Board of Trustees of the University of Florida Law Center Association
Hinshaw Alert
Apr 17, 2026
Q&A: How to Submit Your IEEPA Refund Claim as CAPE Portal Launches April 20, 2026
