We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
03 July 2020
What would the CPRA do?
How did the CPRA come to be?
Can the CPRA be avoided through legislative revisions to the CCPA?
How likely are voters to approve the CPRA?
What happens if voters approve the CPRA?
It's official. The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. And if polling from late last year remains accurate, California voters are likely to approve it. If voters approve the initiative, the CPRA would significantly expand the CCPA, establish the California Privacy Protection Agency, remove the CCPA's cure period, and impose a number of GDPR-styled obligations on businesses, among other requirements. The substantive provisions of the CPRA would take effect January 1, 2023.
The CPRA would impose a number of novel obligations on businesses. We have summarized the CPRA's key additions and modifications in this blog post. To name a few changes, the CPRA would:
These changes would come into effect January 1, 2023, and with the exception of the access right, would apply to only personal information collected after January 1, 2022. The CPRA would also extend the CCPA's temporary exceptions for B2B and human resources data until January 1, 2023.
The CPRA is the latest consumer privacy ballot initiative from Californians for Consumer Privacy, a non-profit led by Celine and Alastair Mactaggart. Californians for Consumer Privacy was also behind the 2018 ballot initiative that, in a feat of last-minute deal-making, was pulled from the 2018 ballot in exchange for the enactment of the CCPA.
The organization introduced the CPRA ballot initiative in late 2019 given concerns that the CCPA did not sufficiently protect consumer privacy. The text of the proposed initiative went through several rounds of negotiations with interested parties. The final text of the CPRA was published on November 13, 2019. Californians for Consumer Privacy submitted over 900,000 signatures in support of the CPRA on May 4, 2020, and on June 24, 2020, the Secretary of State confirmed that the initiative had enough valid signatures to appear on the November 2020 ballot.
We will not see a repeat of 2018's last-minute deal-making to avoid the CPRA. California's Elections Code allows a proponent to remove only a "proposed" initiative. Initiatives are considered "proposed" until the Secretary of State issues a certificate of qualification on the 131st day before the next statewide general election. June 25, 2020, is the 131st day before the next statewide general election, and the Secretary of State has announced that his office will qualify the measure on June 25, 2020.
While we will not know the results until the ballots are counted in November, preliminary polling conducted in October 2019 suggests that approximately 9 of 10 California voters would vote "yes" to support a ballot measure expanding privacy protections for consumers' personal information. If this holds true, then CPRA—which needs only a majority vote to pass—would have overwhelming support come November.
The immediate impacts on businesses will be minimal, at least until the lead up to January 1, 2023, as the CCPA would continue to be governing law until January 1, 2023.
The provisions establishing the California Privacy Protection Agency would come into effect five days after the Secretary of State certifies the election results per Cal. Const. art II section 10(a). The Agency would assume enforcement and rulemaking authority currently delegated to the Attorney General under the CCPA. The CPRA would require final regulations implementing the provisions of the act to be promulgated by July 1, 2022. Enforcement of the provisions added or modified by the CPRA would commence July 1, 2023 and would apply to only violations of the law that occur after that date.
For further information on this topic please contact Mark M Brennan, Timothy P Tobin or Bret S Cohen at Hogan Lovells by telephone (+1 202 637 5600) or email (email@example.com, firstname.lastname@example.org or email@example.com). The Hogan Lovells website can be accessed at www.hoganlovells.com.
This article has been reproduced in its original format from Lexology – www.Lexology.com.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.