California’s attorney general has put mobile app developers on notice: comply with the state’s privacy laws and consumer opt-out requests, or get ready to paybig time.

California Attorney General Rob Bonta keeps a running list of enforcement actions taken against companies that fail to comply with the California Consumer Privacy Act (CCPA).

In the state’s latest “investigative sweep,” Bonta sent letters to businesses with mobile apps that allegedly ignore consumer opt-out requests or sell users’ data, despite the CCPA, which, among other things, prohibits these kinds of personal information sale.

This year’s sweep, which focuses on retail, travel and food service apps, also targets businesses that haven’t processed consumer requests submitted by an authorized agent. One such authorized agent is the Consumer Report’s Permission Slip mobile app, which allows consumers to send requests to opt-out and delete their personal information. The CCPA requires businesses that receive one of these requests to scrub the submitter’s info from their systems and stop collecting it for future retention purposes.

Last year’s sweep netted a $1.2 million fine levied against global retailer Sephora. It also showed the Bonta defined “sale” of consumer data in broad terms, and was willing to aggressively prosecute companies that, in the state’s view, didn’t follow the rules.

This year Bonta has another tool at his disposal: the California Privacy Rights Act (CPRA), which essentially is an amendment to the CCPA that mandates companies not “share” folks’ personal information with third parties. CPRA became operational in January, and its enforcement will begin later this year.

“In California, consumers have the right to stop the sale of their personal information, and my office is working tirelessly to make sure that businesses recognize and process consumers’ opt-out requests,” Bonta said in a statement, adding that this year’s sweep focuses on mobile apps because of the “wide array of sensitive information that these apps can access from our phones and other mobile devices.” 

The state has developed its own online tool that allows consumers to directly notify businesses that may have violated the CCPA. 

“I urge the tech industry to innovate for good — including developing and adopting user-enabled global privacy controls for mobile operating systems that allow consumers to stop apps from selling their data,” Bonta continued.

Bonta’s office declined to answer The Register’s questions about how many, and which, companies received letters alleging CCPA violations.

“The enforcement sweep announced last Friday sent notices to apps in the retail, travel, and food service industries that collect and store consumer personal information to investigate their compliance with CCPA sale requirements,” a spokesperson said. “Letters were sent to those we allege do not comply. Beyond that, to protect their integrity, we cannot comment on ongoing investigations.”

Does the sweep have teeth?

Forrester Research analyst Stephanie Liu told The Register …….

Source: https://news.google.com/__i/rss/rd/articles/CBMiRmh0dHBzOi8vd3d3LnRoZXJlZ2lzdGVyLmNvbS8yMDIzLzAxLzMxL2NhbGlmX2FnX21vYmlsZV9hcHBfZGV2ZWxvcGVycy_SAUpodHRwczovL3d3dy50aGVyZWdpc3Rlci5jb20vQU1QLzIwMjMvMDEvMzEvY2FsaWZfYWdfbW9iaWxlX2FwcF9kZXZlbG9wZXJzLw?oc=5