As businesses work on compliance with the California Consumer Privacy Act (CCPA) a new proposal deals with the notice of the:
- Right to opt-out of a business' "sale" of their personal information, and
- Do Not Sell My Personal Information Opt In/Out Button (reinstates the requirement for a "button" on a website calling attention to the link to "Do Not Sell My Personal Information.")
- Covers medical device companies, not "covered entities" under HIPAA
(Proposed Regulations Section 999.306(f)(1))
It also requires that where a business posts the DNS link, "the opt-out button shall be added to the left of the text ... The opt-out button shall link to the same Internet webpage or online location to which the consumer is directed after clicking on the "Do Not Sell My Personal Information" link." (Proposed Regulations Section 999.306(f)(2))
The draft regulations are subject to a public comment period. The deadline to submit written comments is December 28, 2020 at 5:00 p.m. (PST).