Although it feels just like yesterday that the California Consumer Privacy Act ("CCPA") went into effect (it was January 1, 2020), California may be at it again. After securing 931,000 signatures from California State residents, the privacy-right activist group, Californians for Consumer Privacy, has qualified yet another privacy bill for the November 3, 2020 ballot. The California Privacy Rights Act ("CPRA"), which some are calling CCPA 2.0, would expand the privacy rights of Californians with enforcement set to begin on January 1, 2023.
What is CCPA 2.0?
The Current CCPA
In 2018, the California Legislature passed the CCPA in order to protect consumers' privacy rights by imposing obligations on how businesses collect, use and share California State resident personal information. The CCPA was hastily drafted and, up until the July 1, 2020 enforcement date, the California State Attorney General was scrambling to finalize CCPA regulations. To this day, there are still holes in the CCPA that remain unfilled.
CCPA 2.0
Proposed provisions of CCPA 2.0 would: 1) establish the California Privacy Protection Agency ("CPPA"), which would turn over enforcement of the CCPA from the California State Attorney General to a five-member consumer privacy-dedicated governmental agency; 2) increase protection of certain sensitive personal information, including consumer health, finance, race, ethnicity and precise location information; 3) triple fines for children's privacy violations; and 4) expand the private right of action to include the unauthorized access to, or disclosure of, a California resident email address combined with an associated password or security question.
CCPA 2.0 also proposes adding new consumer rights. Currently, businesses that meet the CCPA's thresholds must provide California consumers with the opportunity to: 1) opt-out of the sale of their personal information to third parties; 2) request to know what personal information businesses have collected about them and how businesses have sold or disclosed that information to third parties; and 3) request that businesses delete personal information that has been collected from/about them. If CCPA 2.0 passes, consumers will also have the right to: 1) correct personal information; 2) learn the length of time that companies retain their data; 3) opt-out of businesses using their precise geolocation information; and 4) restrict usage of their sensitive personal information.
Entities doing business in Europe may recognize that CCPA 2.0 would bring California privacy law closer to the General Data Protection Regulation ("GDPR") model. Businesses that have struggled to meet the standards imposed by the current CCPA regulations will be frustrated by the news that increased compliance obligations are potentially on the horizon. We will continue to monitor the progress of CCPA 2.0 and will update our readership with relevant developments.
Attorney Advertising
Photo by Markus Spiske on Unsplash
CCPA Compliance: The CA Attorney General is Enforcing Now!
CCPA Law: The Private Right of Action
Originally published 06 August, 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
