Before businesses can even breathe a sigh of relief for getting into compliance with the California Consumer Privacy Act (“CCPA”), they will now need to gear up for yet another first-of-its-kind privacy law in the form of the California Privacy Rights Act (“CPRA”). The CPRA, enacted by ballot initiative Proposition 24, appears to have passed with approximately 56% of the vote, though ballot results will not be certified until December 11.
The CPRA, sometimes dubbed “CCPA 2.0,” amends and expands the CCPA, keeping certain provisions in place while revising or adding new provisions. All businesses, especially those collecting sensitive personal information or information of minors, should re-evaluate their data collection, sharing, and use practices again in light of the new law and make necessary changes.
Select key provisions of CPRA include the following:
The CPRA becomes effective January 1, 2023, but businesses will need to comply with certain provisions and requirements with respect to information collected as of January 1, 2022. Covered businesses must still comply with the CCPA, and enforcement of the CCPA by the Attorney General is expected to continue in the meantime.
Overall, this caps a rollercoaster year for privacy legislation in California, as summarized here. If your company needs assistance with any privacy issues, Coblentz Patch Duffy & Bass LLP can help. Please contact Scott Hall at firstname.lastname@example.org for further information or assistance.