Chris Lyon spoke to Cybersecurity Law Report about the California Attorney General's June 1, 2020 release of the California Consumer Privacy Act's (CCPA) final regulations, which is forcing companies to ask their vendors for more detailed terms regarding the permitted scope of data use.
According to Chris, some businesses are skeptical about commercial exploitation despite the Attorney General's clarification. These companies worry that the data restrictions that they put in contracts last year now may not cover all of their vendors' anticipated uses, and that their "providers might exploit the data commercially in a way that they don't like," she said, adding that they are thus considering tightening service-provider contract provisions to address ambiguities around what counts as an internal use.
Read the full article (subscription required).