Compliance Briefing — California AG issues modified CCPA regulations

Executive briefing: On 7 February 2020 the California Attorney General published modified proposed CCPA regulations. The update revises notice at collection examples, clarifies how businesses must design the opt-out link or button, and tightens verification and service-provider provisions before enforcement begins in July 2020.

What changed

• New illustrative language for notices at collection and privacy policies, including offline notice obligations.
• Additional detail on opt-out presentation, prohibiting dark patterns and requiring easy access to the “Do Not Sell My Personal Information” mechanism.
• Revisions to service-provider definitions and contractual limits, affecting data sharing with vendors and affiliates.

Why it matters

• Demands design and UX adjustments for opt-out controls and offline collection touchpoints.
• Impacts verification workflows for household and authorized agent requests, requiring updated identity proofing steps.
• Sets expectations regulators may use when assessing July 2020 enforcement readiness and privacy notices.

Action items for operators

• Update notices, privacy policies, and opt-out buttons to match the modified examples and avoid manipulative patterns.
• Review request intake and verification procedures—especially for minors, households, and authorized agents—to align with the new guidance.
• Amend service-provider and contractor agreements to reflect data-use limitations, security obligations, and deletion requirements in the revised rules.