Authors:
Ron Raether, Partner, Troutman Sanders
Wynter Deagle, Partner, Troutman Sanders
Sharon Klein, Partner, Pepper Hamilton
Alex Nisenbaum, Partner, Pepper Hamilton
Sadia Mirza, Associate, Troutman Sanders
Sam Hyams, Associate, Troutman Sanders
On June 24, 2020, the California Secretary of State released a memorandum (available here) stating that the California Privacy Rights Act (the “CPRA”), also known as the CCPA 2.0, passed the threshold of signatures to be on the November ballot for California’s General Election. The CPRA, which was introduced by Californians for Consumer Privacy, the group behind the California Consumer Privacy Act of 2018 (the “CCPA”), would expand upon the CCPA’s consumer privacy rights and move California privacy law closer in the direction of the EU General Data Protection Regulation (“GDPR”). For example, the CCPA would create a new right to correct inaccurate personal information and a new right for consumers to opt out of the use or disclosure of sensitive personal information for advertising and marketing purposes. The law would also establish a “California Privacy Protection Agency” to enforce the CPRA. For more discussion on the specifics of the CPRA, see Troutman Sanders’ article, available here.
Early polling done by Californians for Consumer Policy (the group behind the initiative) suggests support for the CPRA—stating that nine in ten Californians surveyed stated they would vote in favor of the CPRA. A summary of this polling is available here. If the CPRA passes, it will go into effect January 1, 2023 and likely require additional rulemaking, which could create confusion for business compliance similar to the CCPA. For discussion about substantive rule making involving the CCPA, see Troutman Sanders’ articles, available here and here. Troutman Sanders will continue monitoring the CPRA and provide relevant updates and analysis.
In the meantime, businesses should focus on complying with the CCPA, including building in flexibility to adjust to modifications and clarification such as with the proposed enforcement regulations. The CCPA has officially been in effect since January 1, 2020, and is scheduled to be enforced starting July 1, 2020. Earlier this month, Attorney General Xavier Becerra submitted the final proposed regulations for the CCPA to the state Office of Administrative Law. AG Becerra requested an expedited review so that the regulations can take effect July 1. For more discussion on the process of approving the final proposed regulations, see Troutman Sanders’ article, available here.