Calif. AG says most businesses acting fast to head off privacy enforcement

4 minute read


Register now for FREE unlimited access to
  • State has passed one-year mark of CCPA enforcement
  • Attorney General Bonta launched new online privacy tool

(Reuters) - The majority of businesses that received notices from the California Department of Justice of an alleged violation of the state's privacy law have addressed the issue within the 30-day statutory window, California Attorney General Rob Bonta said on Monday.

The California attorney general's office started enforcing the California Consumer Privacy Act (CCPA) on July 1, 2020. Since then, 75% of businesses that the state notified acted to comply, while the other 25% are "either within their 30-day window or are under an active investigation," Bonta said during a press conference about the first year of enforcement of the law.

Under the privacy law, businesses have 30 days to "cure" an alleged violation after being notified, before the attorney general's office can start an enforcement action.

Register now for FREE unlimited access to

California made waves when it enacted the privacy law in 2018, giving consumers the right to know what personal information a business has collected on them and the ability to ask a business to delete, or stop selling, their personal data.

"Thanks to the CCPA here in California, you control your personal information," Bonta said. "And I encourage every Californian to exercise their rights under the CCPA."

The law took effect in January 2020, with enforcement beginning six months later. California's action prompted other states to consider their own legislation, and Virginia and Colorado have since passed consumer privacy laws. Last fall, California voters approved a measure to update the privacy law, with changes to take effect in January 2023.

Without offering specific numbers of notices sent out or names of companies, Bonta offered examples of alleged violations and notices in the first year.

In one situation, users of a "social media platform" claimed the company didn't quickly respond to, and users didn't know the status of, CCPA requests, Bonta said. The company changed their procedures after the California Justice Department's notice, he said. In another, an "online dating app" didn't have a required "do not sell my personal information" link until they were contacted, Bonta noted, among other examples.

The results "are really encouraging," he said. "We're seeing that businesses are motivated and able to comply with the law."

Bonta on Monday also unveiled a new online tool that lets consumers tell businesses of possible violations directly.

Read more:

Calif. Attorney General Becerra outlines ABCs of CCPA as enforcement kicks in

California's Prop 24 poised to shake up state's privacy landscape

New California privacy board includes academics, government and law firm alums

Q&A: What's next for California Consumer Privacy Act litigation

Register now for FREE unlimited access to

Our Standards: The Thomson Reuters Trust Principles.