The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. If voters approve the initiative, the CPRA would significantly expand the California Consumer Privacy Act (CCPA), establish the California Privacy Protection Agency, remove the CCPA's cure period and impose a number of General Data Protection Regulation-style obligations on businesses, among other requirements.
The California attorney general recently submitted the final text of the California Consumer Privacy Act regulations to the California Office of Administrative Law for approval. Although regulations submitted to the Office of Administrative Law in June 2020 ordinarily would not become effective – if approved – until 1 October 2020, the attorney general has requested an expedited review.
The Washington Privacy Act (WPA) gained significant traction in the legislature in 2019, passing the state Senate almost unanimously, but ultimately failing in the state House of Representatives due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on 31 July 2021.
The California attorney general recently released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The attorney general also released a notice of proposed rulemaking and an initial statement of reasons that provide drafting insights and outline considerations that will likely continue to guide the rulemaking process. The proposed regulations provide clarifications for businesses and consumers in five key CCPA areas, including privacy notice requirements.
In 2018 California passed the California Consumer Privacy Act (CCPA), which seeks to give consumers additional safeguards regarding their personal information. The CCPA will become effective in January 2020 and may impact companies in the education sector, including large education technology companies. Regulated educational entities should be wary of the CCPA's key requirements, including the deletion of consumers' personal information on request.