In light of the rapidly changing coronavirus (COVID-19) situation, Troutman Sanders and Pepper Hamilton have postponed the effective date of their previously announced merger until July 1, 2020. The new firm – Troutman Pepper – will feature 1,100+ attorneys across 23 U.S. offices. Read more.
On May 4, Californians for Consumer Privacy, the organization that sponsored the California Consumer Privacy Act (CCPA) announced that it had submitted enough signatures to put a new privacy law, the California Privacy Rights Act of 2020 (CPRA), before California voters on the November ballot. If approved, the law would establish new consumer privacy rights more stringent than the CCPA.
The initiative to create the CPRA, formerly known as the California Privacy Rights and Enforcement Act of 2020, was filed on September 25, 2019. As originally drafted, the CPRA would (1) create a new right to correct inaccurate personal information, (2) prohibit the sale of “sensitive personal information” without a consumer’s opt-in consent, (3) create a new right for consumers to opt out of the use or disclosure of sensitive personal information for advertising and marketing, (4) establish the California Privacy Protection Agency to enforce the CPRA, and (5) create disclosure obligations for “profiling.” We previously discussed the initial draft of the CPRA here.
The CPRA was renamed and amended in November 2019 to take effect on January 1, 2023 (as opposed to January 1, 2021) and to only apply to personal information collected after January 1, 2022 (as opposed to January 1, 2020). The amended CPRA would also:
The amendments to the CPRA would further allow the to-be-created California Privacy Protection Agency to provide businesses with the opportunity to cure any alleged violations of the CCPA rather than pursuing a complaint and penalties. Additionally, the California Privacy Protection Agency would no longer be directly funded by regulatory fines.
While the CPRA may have enough signatures to qualify it for the November ballot, the California Secretary of State and county election officials will need to certify the signatures by June 25, 2020, which is also the deadline by which the initiative may be withdrawn, for its placement on the ballot to be official. Of the 900,000 signatures submitted by Californians for Consumer Privacy, 675,000 must be certified as valid for the CPRA to be included on the November ballot.
In the meantime, businesses should:
The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship.