These are the CCPA rights which are encoded in v0.9 of the protocol:
Regime Right Details
ccpa sale:opt_out RIGHT TO OPT-OUT OF SALE
ccpa sale:opt_in RECONSENT OR OPT-IN TO DATA SALE
ccpa deletion RIGHT TO DELETE
ccpa access RIGHT TO KNOW
ccpa access:categories RIGHT TO KNOW[☆]
ccpa access:specific RIGHT TO KNOW[☆]
ccpa Right to Delete
ccpa Right to Correct
ccpa Right to Know
ccpa Right to Opt-out of Sale/Sharing
ccpa Right to Limit the Use of My Sensitive Personal Information
In addition to what we generally agree on are CCPA rights, there is a provision in the CCPA I call, 'Questions Or Concerns in CCPA Rights Explanation':
Privacy Policy.
"(e) The privacy policy shall include the following information:
(3) An explanation of how consumers can exercise their CCPA rights and what consumers can expect from that process, which includes the following:
(J) A contact for questions or concerns about the business’s privacy policies and Information Practices using a method reflecting the manner in which the business primarily interacts with the consumer. " "(e) The privacy policy shall include the following information:
(2) An explanation of the rights that the CCPA confers on consumers regarding their personal information, which includes the following: (J) A contact for questions or concerns about the business’s privacy policies and Information Practices using a method reflecting the manner in which the business primarily interacts with the consumer."
I propose adding a "General Questions Or Concerns" category, based on the following information collected in the CPPA Complaint Form:
Regime Issue
ccpa A business’s collection, use, storing or sharing of my personal information
ccpa A business is trying to get my consent unlawfully (such as using confusing or tricky language or dark patterns)
ccpa It’s unclear how to submit a privacy request to a business
ccpa Children's privacy
ccpa Financial incentive or loyalty programs
ccpa Don’t know/not sure
ccpa Other
These are issues, not rights. California consumers have the right to private action, which is unlisted due to this being the wrong venue, but another unlisted right is the RIGHT TO FILE A CONSUMER COMPLAINT, which could be an acceptable alternative.
When I file complaints about an organization's use of AI for Automated Decisionmaking, I could file it as a RIGHT TO LIMIT (which no one at this time could understand and process correctly), which is why I use the Questions & Concerns Contact method. I have no expectation that the organization is legally obliged to respond, but I do expect that my request is included in the organization's record-keeping of all privacy rights requests, which must include why my request was denied.
These are the CCPA rights which are encoded in v0.9 of the protocol:
Regime Right Details
ccpa sale:opt_out RIGHT TO OPT-OUT OF SALE ccpa sale:opt_in RECONSENT OR OPT-IN TO DATA SALE ccpa deletion RIGHT TO DELETE ccpa access RIGHT TO KNOW ccpa access:categories RIGHT TO KNOW[☆] ccpa access:specific RIGHT TO KNOW[☆]
These are the CCPA rights recommended for future use, based on the actual complaint form used by the CPPA at https://cppa.ca.gov/webapplications/complaint:
Regime Right
ccpa Right to Delete ccpa Right to Correct ccpa Right to Know ccpa Right to Opt-out of Sale/Sharing ccpa Right to Limit the Use of My Sensitive Personal Information
In addition to what we generally agree on are CCPA rights, there is a provision in the CCPA I call, 'Questions Or Concerns in CCPA Rights Explanation':
Privacy Policy. "(e) The privacy policy shall include the following information: (3) An explanation of how consumers can exercise their CCPA rights and what consumers can expect from that process, which includes the following: (J) A contact for questions or concerns about the business’s privacy policies and Information Practices using a method reflecting the manner in which the business primarily interacts with the consumer. " "(e) The privacy policy shall include the following information: (2) An explanation of the rights that the CCPA confers on consumers regarding their personal information, which includes the following: (J) A contact for questions or concerns about the business’s privacy policies and Information Practices using a method reflecting the manner in which the business primarily interacts with the consumer."
I propose adding a "General Questions Or Concerns" category, based on the following information collected in the CPPA Complaint Form:
Regime Issue ccpa A business’s collection, use, storing or sharing of my personal information ccpa A business is trying to get my consent unlawfully (such as using confusing or tricky language or dark patterns) ccpa It’s unclear how to submit a privacy request to a business ccpa Children's privacy ccpa Financial incentive or loyalty programs ccpa Don’t know/not sure ccpa Other
These are issues, not rights. California consumers have the right to private action, which is unlisted due to this being the wrong venue, but another unlisted right is the RIGHT TO FILE A CONSUMER COMPLAINT, which could be an acceptable alternative.
When I file complaints about an organization's use of AI for Automated Decisionmaking, I could file it as a RIGHT TO LIMIT (which no one at this time could understand and process correctly), which is why I use the Questions & Concerns Contact method. I have no expectation that the organization is legally obliged to respond, but I do expect that my request is included in the organization's record-keeping of all privacy rights requests, which must include why my request was denied.