In the midst of an unprecedented presidential campaign, you might have missed that California’s Proposition 24, also called the California Privacy Act (CPRA), was poised to amend the California Consumer Privacy Act (CCPA) a mere three months after Attorney General Xavier Becerra approved the final regulations for the CCPA.
On November 3, California voters approved the CPRA by a count of 56% (YES) to 44% (No). In July, we discussed the CPRA’s proposed changes to the CCPA, such as creating sensitive personal information as a second category of information. The CPRA also creates additional rights to consumers, additional obligations of businesses that apply to the CPRA, an increased focus on “sharing” information for behavioral advertising and the creation of a new governing entity to enforce the CPRA.
The CPRA is set to become effective on January 1, 2023, when the CCPA’s compliance requirements for the personal information of employees and business contact requirements will also finally go into effect. We expect other states to follow California’s example and enact stricter privacy laws due to consumer pressure and other privacy advocacy groups. Stay tuned for more on this topic and others as privacy and security continues to be at the forefront of emerging law and business.