The new regulations affect four sections of the regulations approved in August 2020.
Section 999.306. Notice of Right to Opt-Out of Sale of Personal Information.
- Section 999.306(a)(b)(3) is added to provide examples of how a business that sells consumers’ personal information (PI) and interacts with consumers offline can provide notice of the right to opt-out and instruction on how to do so. The examples describe the use of paper forms or signage, or providing the information by telephone.
- New section 999.306(f) provides an opt-out icon “designed by Carnegie Mellon University’s Cylab and the University of Michigan’s School of Information and tested against other icons to determine the best design for communicating the privacy choices available to consumers.” Use of the icon is optional and doesn’t replace other opt-out notice requirements.
Section 999.315. Requests to Opt-Out.
Section 999.326. Authorized Agent.
- Section 999.326(a) is modified so that a business may require that the authorized agent, rather than the consumer, provide proof of permission from the consumer. The consumer may still be required to verify their identity directly with the business or directly confirm that permission was granted to the authorized agent.
Section 999.332. Notices to Consumers Under 16 Years of Age.
For more information and insight from Maurice Wutscher on data privacy and security laws and legislation, visit https://mauricewutscher.com/data-privacy-and-security/.