It is a hallmark of U.S. administrative law that policy decisions are made by the Legislature, with gaps filled in via regulation. See Med. Soc’y v. Serio, 100 N.Y.2d 854, 865 (2003). Administrative agencies are given wide discretion in this regard and courts show special deference in relation to matters within an agency’s area of expertise. See Wembly Mgmt. Co. v. New York State Div. of Hous. & Cmty. Renewal, 205 A.D.2d 319, 319 (1st Dept. 1994). An administrative agency cannot, however, create policy on its own or otherwise promulgate rules not generally authorized by the Legislature.

California Consumer Privacy Act

In the arena of data protection, this separation of powers is being put to the test and, in certain cases, causing confusion for the millions of U.S. businesses seeking to comply with newly created data protection duties. Case in point, the California Consumer Privacy Act (CCPA), which famously came into effect on Jan. 1, 2020 with no regulations in place to fill in conspicuous gaps found in the law. CCPA itself was a reaction to a popular ballot initiative which, if passed, would have significantly tied the California Legislature’s hands in relation to future amendments. See Cal. Const., art. II, §10 (70% legislative majority required to amend adopted ballot initiative). Instead of restricting its ability to change the initiative, the Legislature decided to swallow the bitter pill of CCPA, leaving much of the detail concerning CCPA compliance to the California attorney general, who is required to promulgate CCPA-related regulations no later than July 1, 2020. These regulations must include, inter alia, specific rules for the uniform “Do Not Sell My Personal Information” button required under the statute, verification of consumer data requests, and the very definition of “personal information” on which the whole of CCPA is based.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]