{"id":1665,"date":"2019-12-09T10:47:39","date_gmt":"2019-12-09T18:47:39","guid":{"rendered":"https:\/\/blog.mozilla.org\/netpolicy\/?p=1665"},"modified":"2020-02-25T13:51:38","modified_gmt":"2020-02-25T21:51:38","slug":"mozilla-comments-on-ccpa-regulations","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/","title":{"rendered":"Mozilla comments on CCPA regulations"},"content":{"rendered":"<p>Around the globe, Mozilla has been a supporter of\u00a0 data privacy laws that empower people &#8211; including the California Consumer Protection Act (CCPA). For the last few weeks, we\u2019ve been considering the draft regulations, released in October, from Attorney General Becerra. Today, we submitted <a href=\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2019\/12\/CCPA-regulation-comments.pdf\">comments<\/a> to help California effectively and meaningfully implement CCPA.<\/p>\n<p>We all know that people deserve more control over their online data. And we take care to provide people protection and control by baking privacy and the same principles we want to see in legislation into the Firefox browser.<\/p>\n<p>In our comments, we discuss three important provisions:<\/p>\n<ul>\n<li>The definition of a third party: Usually, third party interactions are defined by the context of the data collection &#8211; not whether or not the party has a direct relationship with the user. More and more, we see companies collect data from a number of contexts: first parties, as a third party on a different site, or simply buying data directly from a data broker or reseller. These definitions should be clear that data is not regulated based solely on how the entity is categorized &#8211; but rather about the context in which the data was obtained.<\/li>\n<li>The potential for fraud with data requests coming through authorized agents: We\u2019re encouraged by authentication requirements, but concerned that a set of unauthorized agents may blanket companies with fraudulent\u00a0 requests .The opportunity for fraud and abuse is high particularly if the business responding to such a request does not have a meaningful opportunity to pursue their own authentication other than asking the authorized agent for proof of such authorization. Additional guidance on companies\u2019 obligations to respond to third party agents would be helpful as companies try to balance security with responsiveness to access requests.<\/li>\n<li>Metrics reporting: The regulations outline a series of public facing metrics companies must release about access requests. the specific reporting breakdowns required (do not significantly increase the understanding of how CCPA rights are being exercised and complied with. Companies like Mozilla that extend the same personal data rights to any person and cannot determine that individual\u2019s location, will have difficulty complying with the metrics reporting as outlined in the draft regulations. We do not want to ask users who send us data access requests for additional personal information in order to comply with a metrics standard.<\/li>\n<\/ul>\n<p>We look forward to continuing to work with the California Attorney General\u2019s office to help protect the data of Californians &#8211; and we will keep working across jurisdictions to enact privacy and data protection laws across the globe.<\/p>\n<p>While we will all have to see how implementation and enforcement roll out, we continue to be very encouraged to see California acting where the U.S. Congress has not (although we were also happy to see several frameworks released in advance of this week\u2019s hearing). There are many shared elements between these laws, regulations, and drafts and the privacy blueprint we released earlier this year.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Around the globe, Mozilla has been a supporter of\u00a0 data privacy laws that empower people &#8211; including the California Consumer Protection Act (CCPA). For the last few weeks, we\u2019ve been &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/\">Read more<\/a><\/p>\n","protected":false},"author":1273,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[847],"tags":[],"coauthors":[311577,327269],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mozilla comments on CCPA regulations - Open Policy &amp; Advocacy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Heather West, Alicia Gray\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/\",\"name\":\"Mozilla comments on CCPA regulations - Open Policy &amp; Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"datePublished\":\"2019-12-09T18:47:39+00:00\",\"dateModified\":\"2020-02-25T21:51:38+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla comments on CCPA regulations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy &amp; Advocacy\",\"description\":\"Mozilla&#039;s official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40\",\"name\":\"Heather West\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/473697387e4dd4394de2baac8badd43c\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g\",\"caption\":\"Heather West\"},\"description\":\"Heather works on security, cybersecurity, data governance, and privacy in the digital age at Mozilla, maker of the Firefox browser. At the intersection of public policy and technology, she is part policy-to-tech translator, part product consultant, and part long-term Internet strategist. She works with stakeholders and policymakers in DC as well as global product and policy teams and was recognized as one of the 2014 Forbes 30 Under 30 in Law and Policy. She helped found the public policy team at CloudFlare, a website performance and security company, served as global and Federal privacy and security issue expert on Google\u2019s public policy team, and started her career working on government technology, privacy, and identity management at the public interest group Center for Democracy and Technology. She holds a B.A. in Computer Science and Cognitive Science from Wellesley College with concentrations in philosophy and legal studies, and is a Certified Information Privacy Professional (CIPP\/US). She is also recognized as a Christian Science Monitor Passcode Influencer.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla comments on CCPA regulations - Open Policy &amp; Advocacy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/","twitter_misc":{"Written by":"Heather West, Alicia Gray","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/","url":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/","name":"Mozilla comments on CCPA regulations - Open Policy &amp; Advocacy","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website"},"datePublished":"2019-12-09T18:47:39+00:00","dateModified":"2020-02-25T21:51:38+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2019\/12\/09\/mozilla-comments-on-ccpa-regulations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/netpolicy\/"},{"@type":"ListItem","position":2,"name":"Mozilla comments on CCPA regulations"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website","url":"https:\/\/blog.mozilla.org\/netpolicy\/","name":"Open Policy &amp; Advocacy","description":"Mozilla&#039;s official blog on open Internet policy initiatives and developments","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/fdff0d5bb50c4a81e2743d7f91775d40","name":"Heather West","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/473697387e4dd4394de2baac8badd43c","url":"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1cc029c6538a1898f71b01b401691323?s=96&d=mm&r=g","caption":"Heather West"},"description":"Heather works on security, cybersecurity, data governance, and privacy in the digital age at Mozilla, maker of the Firefox browser. At the intersection of public policy and technology, she is part policy-to-tech translator, part product consultant, and part long-term Internet strategist. She works with stakeholders and policymakers in DC as well as global product and policy teams and was recognized as one of the 2014 Forbes 30 Under 30 in Law and Policy. She helped found the public policy team at CloudFlare, a website performance and security company, served as global and Federal privacy and security issue expert on Google\u2019s public policy team, and started her career working on government technology, privacy, and identity management at the public interest group Center for Democracy and Technology. She holds a B.A. in Computer Science and Cognitive Science from Wellesley College with concentrations in philosophy and legal studies, and is a Certified Information Privacy Professional (CIPP\/US). She is also recognized as a Christian Science Monitor Passcode Influencer."}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1665"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/1273"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=1665"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/1665\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=1665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=1665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=1665"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=1665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}