California Regulators Win Their Appeal to Enforce the CCPA Revised Regulations as of July 1, 2023
Privacy, Cyber & AI Decoded Alert | 2 min read
Feb 12, 2024
For companies that slow-tracked their California compliance activities because of the tentative March 29, 2024 effective date due to the pending appeal on the regulation enforcement timeline, it is now time to prioritize compliance.
This is because late last Friday afternoon, California's Third District Court of Appeal sided with the California Privacy Protection Agency and California Attorney General Rob Bonta in the case of California Privacy Protection Agency (CPPA) v. Superior Court (California Chamber of Commerce) to allow the California regulators to enforce the revised CCPA regulations as of July 1, 2023. The decision overturned a lower court ruling that had stayed enforcement of the new and amended regulations by one year. The California Chamber of Commerce is considering its options for appeal.
What Does This Mean for Businesses that Meet the Threshold Requirements of the California Law?
Here are the top three compliance activities for businesses to consider:
- Businesses should review their privacy notices for compliance with the new regulatory notice requirements. Document that your businesses have not materially changed how they are using personal information as stated in your privacy notices, and note that you are making the appropriate revised cross-contextual advertising disclosures and key enforcement issues for California regulators.
- The final regulations clarified that cross-contextual advertising included the "sharing" of personal information, not just the sale of personal information. So, businesses should review their data subject access rights to ensure they are providing a "Do Not Sell Or Share My Personal Information Link" or "Alternative Opt Out Link" for these activities to comply with the regulations.
- The final regulations set out clear contractual requirements for three categories of vendors: service providers, contractors, and third parties. Businesses, service providers, contractors, and third parties should consider revising their data processing agreements to satisfy these requirements.
As a reminder, both the California Privacy Protection Agency (CPPA) and the California Attorney General's Office can enforce these regulations. While there is no longer any right to cure regulatory violations in California, the CPPA can audit a business, service provider, contractor, or person to ensure compliance with any provision of the CCPA.
For more privacy insights across all state laws, read Hinshaw's Q&A: Four State Data Privacy Compliance Insights for 2024.
Related Capabilities
Featured Insights
Press Release
Oct 22, 2025
Hinshaw & Culbertson LLP Launches New Website and Refreshed Brand
Privacy, Cyber & AI Decoded Alert
Oct 22, 2025
Press Release
Oct 22, 2025
Hinshaw & Culbertson LLP Launches New Website and Refreshed Brand
Privacy, Cyber & AI Decoded Alert
Oct 22, 2025
Press Release
Sep 26, 2025
Hinshaw Recognized as a “Leader in Litigation” in the BTI Consulting Litigation Outlook 2026 Survey
Employment Law Observer
Sep 23, 2025
Privacy, Cyber & AI Decoded Alert
Sep 23, 2025
Fall 2025 Regulatory Roundup: Top U.S. Privacy and AI Developments for Businesses to Track
Press Release
Sep 15, 2025
Hinshaw Achieves 2024–2025 Mansfield Rule Certification Plus Status
In The News
Sep 5, 2025
Jessica Riley Reflects in a Law360 Story on Lessons She Learned as a Junior Lawyer
Press Release
Aug 25, 2025
Trial Spotlight: Hinshaw Prevails in ERISA Fiduciary Fraud Case
Press Release
Aug 21, 2025
102 Hinshaw Lawyers Recognized in 2026 Editions of The Best Lawyers in America® and Ones to Watch™
