Most Americans have been laser-focused on the 2020 presidential election. However, other election results are in. In California, voters approved a referendum on consumer privacy called the California Privacy Rights Act (CPRA), which dramatically alters the privacy compliance landscape in the US and creates the country’s first stand-alone privacy regulator.
Privacy advocate Alastair Mactaggart sponsored the CPRA in reaction to what he believed was the California legislature’s overly business-friendly privacy law, the California Consumer Privacy Act (CCPA). The CCPA went into effect on January 1, 2020, with enforcement by the California attorney general (AG) beginning on July 1, 2020. Companies have been working to implement the CCPA and its dynamic and changeable regulations, but implementation has been complicated by both the impact of COVID-19 and revisions to the implementing regulations.
The CPRA will add complexity to an already complex legal situation. The nuances of how the CPRA and CCPA will work together remain to be seen and will be developed by the newly created California Privacy Protection Agency and the California AG in the coming months.