Lessons Learned from California on Global Privacy Control

August 2, 2023

Global Privacy Control

The patchwork of state-level privacy legislation is challenging at best, and enforcement of the CCPA in California is now providing lessons both for other states following in California’s footsteps and for businesses trying to remain compliant with privacy laws, new and old. Last year’s landmark Sephora settlement with the California Office of the Attorney General, for example, has led businesses to pay much closer attention to a technology called Global Privacy Control, or GPC, first introduced in 2020. The settlement was a forceful reminder to businesses that they must respect consumer choices.

In this episode, the hosts of Privacy Abbreviated are joined by Jeewon Serrato of BakerHostetler, who represented Sephora in this landmark settlement, to break down GPC and outline the lessons learned for businesses.

Show Notes

In this episode of Privacy Abbreviated, hosts Dona Fraser, the SVP of Privacy Initiatives for BBB National Programs, and Jason Cronk, the President of the Institute of Operational Privacy Design, are joined by Jeewon Serrato, a partner at BakerHostetler. The three experts discuss how small- and medium-sized businesses can harness the power of Global Privacy Control (GPC) to comply with privacy regulations and protect their users. GPC is a tool that allows users to opt out of online data tracking and is required under the California Consumer Protection Act (CCPA).

02:00 - Dona explains how a particular settlement between Sephora and California’s Attorney General in August 2022 forced businesses to pay more attention to GPC. California’s Attorney General Rob Bonta alleged that Sephora failed to disclose to consumers that it was selling their personal information, failed to process user requests to opt out of the sale of their personal information using user-enabled GPC, and did not remedy these violations within the 30-day period as required by the CCPA.

Attorney General Bonta states, “Technologies like the Global Privacy Control are a game changer for consumers looking to exercise their data privacy rights. But these rights are meaningless if businesses hide how they use their customer’s data and ignore requests to opt-out of its sale.”

In the online world, consumers are persistently monitored and tracked. The settlement reached with Sephora highlights the rights granted to consumers under the CCPA, empowering them to combat commercial surveillance.

14:32 - Dona then points out that CCPA won’t apply to all businesses. Businesses that must adhere to CCPA are for-profit businesses that do business in California and meet any of the following: have gross annual revenue of over $25 million; buy, sell, or share the personal information of 100,000 or more California residents, households, or devices; or derive 50% or more of their annual revenue from selling California residents’ personal information.

Because many medium and small businesses won’t meet those prerequisites, they won’t be required to comply. However, Jeewon points out that compliance is almost impossible after collecting data. She suggests that businesses abide by the guidelines early on so that if and when they grow past the threshold, they’re already in compliance. She says it’s a much easier process to do upfront than retroactively.

20:11 - Jeewon reiterates that complying with privacy laws is not a simple task. It’s complex, and it requires expertise. She recommends finding outside vendors or counsel that have experience with GPC and CCPA regulations. By engaging professionals with a practical understanding of these specific regulations, organizations can navigate the complexities more effectively and ensure adherence to privacy laws.

According to Jeewon, ensuring compliance “is a matter of finding the right tools, technology, and partners who can shed light.”

Before closing the episode, Jason and Dona ask Jeewon a few questions about herself and her experiences in the privacy sector. In answering those questions, Jeewon continues to press the importance of creative problem-solving within the complex world of data privacy and the need for partnership and teamwork while tackling complicated situations. No one can solve privacy problems alone.

Signing off, Dona encourages listeners to listen to previous episodes of Privacy Abbreviated to learn more about the current privacy landscape. To do so, visit BBB NP’s Accountability Studios website or subscribe to Privacy Abbreviated on Apple Podcast, Google Podcast, Spotify, or wherever you access your favorite podcasts.
