Can companies use arbitration clauses and class-action waiver provisions to mitigate the risk of CCPA-related class actions?

Is there an obligation to monitor service providers under the CCPA?