California Attorney General Begins Enforcement of CCPA Even Ahead of Regulations’ Approval
Client Alert | 2 min read | 08.18.20
On August 14, 2020, California Attorney General Becerra announced that the Office of Administrative Law approved final regulations under the California Consumer Privacy Act (CCPA). The approved regulations, which became effective immediately, guide businesses and consumers on the CCPA. The final regulations can be found here.
Even before final approval of the regulations, the California Attorney General’s Office announced that it had already begun enforcing the CCPA in California. By July 10, 2020, the Office had issued warning notices to online businesses for failure to comply with the CCPA. The businesses receiving these notices will have 30 days to comply with the CCPA, or they risk a lawsuit being filed against them by the Attorney General’s Office. It is expected that in the future the AG will no longer issue warning letters and proceed with enforcement.
The CCPA allows California residents to learn what information companies have collected about them, seek the deletion of any collected information, and prevent companies from selling their personal information to third parties. The law also requires any covered business to place a link on its homepage, labeled “Do Not Sell My Personal Information,” that consumers can click to ensure the company does not sell their data. Additionally, the CCPA prohibits businesses from selling minors’ personal information without parental consent for those under the age of 13 or consent of those 13-16 years old.
The CCPA applies to companies that: (1) have more than $25 million in gross annual revenue; (2) buy, sell, or receive the personal information of at least 50,000 consumers, devices, or households; or (3) gain 50% or more of their annual revenue from selling consumers’ personal information.
When determining the recipients of the warning letters, the Attorney General’s Office reviewed consumer complaints, including some that were made on the Twitter platform. The Office has also advised businesses that sell consumers’ information to quickly confirm that they have a “do not sell” button on their website.
California businesses that are under the CCPA should carefully ensure they comply with all of the CCPA’s requirements, including the presence of the “do not sell” link, in order to avoid potential liability.
Contacts
Insights
Client Alert | 3 min read | 10.30.25
Is Course Hero Heading to Summer School After Summary Judgment Loss?
On September 23, Judge Vernon D. Oliver partially granted and partially denied the defendant’s motion for summary judgment in Post University Inc. v. Learneo, Inc., 3:21-cv-1242 (VDO) (D. Del. Sept. 23, 2025). For background, the defendant in this case, Learneo, Inc. (commonly known as Course Hero), is an online platform for college, trade, and high school students that provides access to user-submitted documents via a paid subscription. Course Hero allows users to search the documents that have been uploaded by school, textbook, book title, and subject, but only users with a subscription can view the documents. Users without a subscription may access a preview version of the document, consisting of a blurred and truncated version created by Course Hero. Course Hero users have uploaded documents to the platform for many thousands of colleges, grad schools, high schools, and trade schools.
Client Alert | 9 min read | 10.28.25
Key Takeaways from a Consequential Month of Russia-Related Sanctions
Client Alert | 1 min read | 10.27.25
Client Alert | 3 min read | 10.27.25
