December 6, 2024
The Enforcement Division of the California Privacy Protection Agency (CPPA) and two data brokers recently agreed on a settlement. According to the issue, the data brokers failed to register and pay the annual fee mandated by Senate Bill 362, the Delete Act.
As a result, both data brokers will pay a penalty of $35,400 for their failure to register as required by the Detele Act. Additionally, they will pay the enforcement division’s attorney fees and any costs caused by the data brokers’ non-compliance. The CPPA approved the settlements unanimously in a closed session on November 8, 2024. This settlement came soon after the enforcement division of the CPPA investigated the data brokers’ registration compliance.
In addition to complying with the CPPA, data brokers may soon have to comply with new regulations under the Delete Act. The CPPA has finalized updates to the Act’s data broker regulations. If approved by the California Office of Administrative Law (OAL), it would take effect on January 1, 2025. The updates include:
- A broader definition of data broker: The new updated regulation clarifies data brokers as a “business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”
- An increase in the registration fee: The fee would increase in 2025 from $400 to $6,600, not including the required processing fee. This increase would cover some of the costs of developing the California Privacy Protection Agency’s new deletion mechanism.
- Required Payment Method: Data brokers must pay registration fees with a credit card, excluding exceptions.
- Separate registrations for all data broker businesses: All data brokers, including parent companies and their subsidiaries, must complete their own registration.
- Required Point of Contact: Data brokers must provide the CPPA with a point of contact. The point of contact would not appear in the public registry.
- New Reporting Requirements: Entities eligible for exemption would follow new reporting requirements; examples of exemption include reporting subjected to federal or other state law expectations.
- Perjury Requirement: When signing their registrations, data brokers must attest to the accuracy of their information under penalty of perjury.
According to the Delete Act, data brokers will face the following fines for failing to register as required: $200 per day, the fees due when the broker should have registered, and any expenses incurred in investigating and administering the law that the court determines is appropriate. This case shows the importance of complying with federal, state, and local regulations.
Disclaimer:
Information provided here is for educational and informational purposes only and should not constitute as legal advice. We recommend you contact your own legal counsel for any questions regarding your specific practices and compliance with applicable laws.