I have posted to SSRN a copy of my latest draft article, The Myth of the Privacy Paradox. It’s available for download for free.
Here’s the abstract:
Updated on March 27, 2020 — The California AG came out with a modified modified draft of the CCPA regulation on March 11, 2020. Most notably, a few of the changes in the February 7 draft were walked back. I will discuss the details below.
On Friday, February 7, 2020, the California AG dropped a new modified draft CCPA regulation. Comments are due by February 24, 2020 at 5 PM Pacific Time.
Here are some notable changes:
(1) IP Addresses Can Somehow Escape from Being Personal Information
New text of the regulation:
§ 999.302. Guidance Regarding the Interpretation of CCPA Definitions
(a) Whether information is “personal information,” as that term is defined in Civil Code section 1798.140, subdivision (o), depends on whether the business maintains information in a manner that “identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” For example, if a business collects the IP addresses of visitors to its website but does not link the IP address to any particular consumer or household, and could not reasonably link the IP address with a particular consumer or household, then the IP address would not be “personal information.”
This last sentence about IP addresses was stricken in the new modified CCPA regulation of March 11.
It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments.
NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective. What is notable privacy law depends upon where one is situated. For example, if one is from a small country, that country’s developments are quite notable even if not well-known on a worldwide stage.