CCPA Service Provider Addendumplain, minimal form
I’ve published a first draft of a minimalist, plain-terms contract addendum for “service providers” under the California Consumer Privacy Act, which went into effect this month. What data protection addenda were for the General Data Protection Regulation, this new form is to the CCPA.
My guiding principle was to do as little possible, addressing the requirements of the CCPA without heaping on additional boilerplate or exercising muscle memory from GDPR. The most annoying bit is clearly the express acknowledgment of the CCPA’s requirements. A great many well drafted service agreements with tight data use and disclosure restrictions could have met the statutory requirements without that imposition.
All in, it feels a bit “rubbing our noses in it”. That’s a crude form of awareness building, but perhaps fairly warranted.
Feedback from fellow counsel and privacy pros much appreciated. I will continue to evolve the form as I can. And of course we’re expecting plenty of new judicial and regulatory gloss as the situation develops.
Cloudy with a chance of preemption? I expect more than a few lobbyists are doing the rain dance.
Your thoughts and feedback are always welcome by e-mail.