Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 1st, 2022
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava’s recent blog post on the California Privacy Protection Agency’s (CPPA) proposed regulations to the California Consumer Privacy Act is cited in the article, “Calif. Privacy Agency Unveils Long-Awaited Draft Regulations” published by Law360.
"As expected, the Regs clarify that businesses must recognize Do Not Sell or Share (DNS) opt-out preference signals," Daniel and Maria Nava wrote. "While some privacy professionals have argued that businesses have a choice between posting a DNS link or honoring an opt-out preference signal, the Regs expressly state that interpretation is incorrect."
“However, the new proposal fails to clarify what exactly constitutes a valid opt-out signal, declining to recognize the Global Privacy Control or other technical specifications that have been developed to allow consumers to exercise their opt-out rights across the internet” and "As written, businesses arguably must respond to any signal, which will create compliance hurdles," said Daniel and Maria, adding that the regulations also don't prohibit opt-out signals from being set to "on" by default by a browser, like the new consumer privacy law that was recently enacted in Connecticut does.
Daniel and Maria note, “Under the CPRA regulations, companies that receive an opt-out request also need to notify any downstream third parties to stop selling or sharing the information as well” and "This appears to be a higher burden than currently required under CCPA or the CPRA text, and reemphasizes the need for a signal that can be read by downstream parties."
Lastly, Contracts with third parties "must also expressly require the third-party to check for opt-out signals," they added. If implemented, this and other proposed requirements, including that these agreements "expressly identify" the specific service for which the third party is processing information, would result in contracts with third parties needing to be much more robust, Daniel and Maria said.
Read full article here. (Behind paywall)
Other Quoted
California Disney Fine Pushes Companies to Fully Honor Opt-Outs
Bloomberg Law quoted Daniel M. Goldberg in their recent article about how California fined Disney $2.75 million for allegedly failing to fully honor consumers’ opt-out requests under the California Consumer Privacy Act, signaling increased scrutiny of how companies implement privacy rights across devices, services, and systems. The enforcement action underscores regulators’ growing expectation that opt-out mechanisms must work seamlessly and consistently, with technical compliance now under closer investigation. Read more.
February 25 2026
California’s attorney general issues largest CCPA fine to date
IAPP quotes Daniel Goldberg on evolving privacy enforcement trends, emphasizing the significant cost and complexity of responding to high-profile investigations and the challenges companies face in aligning technology with regulatory expectations under the California Consumer Privacy Act (CCPA). Read Read more.
February 13 2026
Automated Content Recognition Technology Takes Privacy Enforcement Spotlight
The IAPP quotes Andrew Folks in its coverage of Texas’ lawsuits over automated content recognition technology. Read more.
January 26 2026
