Ask CENTRL: Does my business need to provide a CCPA policy and notices in languages other than English?
- Notice at Time of Collection of PI - A business that collects PI from a consumer must provide a notice at or before the point of collection that describes the categories of PI to be collected from the consumer and the purposes for which the PI will be used by the business.
- Notice of Right to Opt-out of Sale of PI - A business that sells PI must provide a notice to consumers permitting them to opt-out or request that the business not sell or stop selling their PI.
- Notice of Financial Incentives - A business that offers financial incentives or price or service differences tied to the collection, retention, or sale of PI must provide a notice to consumers that explains the material terms of the incentive or difference so the consumer may make an informed decision about whether to participate.
Although the final CCPA regulations are still under administrative review, it may not be time to carpe diem. Under the current CCPA enforcement environment, it is prudent, in any language, to give some thought to these future requirements.
CCPA Policy and Notices
- Designed and presented in a way that is easy to read and understandable to consumers;
- Use plain and straightforward language and avoid the use of technical or legal jargon; and
- Reasonably accessible to consumers with disabilities.
Businesses subject to the CCPA may operate in other states or countries and California residents may interact with a business while traveling outside the state or overseas. The OAG noted in the Statement of Reasons released with the proposed final regulations that it added “in California” after “consumers,” as highlighted above, to clarify that businesses must provide these disclosures in the languages in which they provide contracts and other information to consumers in California.
- Know Your Business Practices
The OAG has noted on its webpage regarding “Limited English Proficient Consumers” as follows:
California’s population is diverse. More than 200 languages and dialects are spoken here, and according to the US Census Bureau (2015), almost 44% of California households speak a language other than English, and nearly seven million Californians (19%) report speaking English “less than very well.” Language and cultural barriers can leave consumers vulnerable to fraud and predatory practices.
- Know the Enforcement Risks
The Office of the AG (OAG) began sending notices of noncompliance to businesses on July 1, 2020. Since the final CCPA regulations are still under administrative review, the OAG’s initial enforcement actions are limited to the “four corners” of the statute. Although the OAG will not likely focus on whether businesses are providing CCPA policies and notices in all applicable foreign languages until the final regulations are in place, it would be prudent for all businesses subject to the CCPA to begin identifying the different languages that may be used in their interactions with consumers in California to ensure that CCPA policies and notices in these languages can be timely provided to consumers as of the effective date of the final regulations.
The OAG looked at two key areas in determining the recipients of its initial notices of noncompliance, the information provided by businesses on their websites and consumer complaints. The OAG can determine with a click of a button whether your business is providing its CCPA policy and notices on your website in any language other than English and consumers may complain, either through links on the OAG’s CCPA or limited English proficiency pages or on social media, about your business’s failure to provide relevant foreign language disclosures. Even if your business has a tight CCPA compliance budget, it makes practical sense, in any language, to minimize this area of enforcement risk. Take stock of your business practices and prepare to stock up on the appropriate number of foreign language translations of your CCPA policy and notices.