Although the California Consumer Privacy Act (CCPA) has only been in effect for a matter of weeks – and its proposed regulations are not yet finalized – it could be overhauled by a new privacy law later this year. Last fall, the group that first formulated the CCPA as a ballot initiative in 2018, Californians for Consumer Privacy, led by real estate developer-turned-privacy activist Alastair Mactaggart, timely submitted a ballot measure and subsequent amendments, now titled “The California Privacy Rights Act of 2020” (CalPRA or “the Act”). The group is likely seeking to utilize a ballot initiative for this legislative update to avoid the lobbying and amendment process it believes could compromise the rights and obligations that the initiative sets forth. To guard against later amendments that limit the law’s application, the Act permits amendments by majority vote in each house of the California Legislature and signed by the governor; however, such amendments must be “consistent with and further the purpose and intent of this Act as set forth in Section 3.” In all likelihood, this last provision is one that will be contested in the future.

While retaining many CCPA provisions, CalPRA proposes significant updates to the CCPA, and seeks for the CA attorney general’s office and a newly formed privacy agency to issue guidance and regulations on various issues. If passed, the Act would require impacted organizations to make further changes to their data protection practices. However, unlike the CCPA, under CalPRA, California may provide organizations with some guidance on how to comply with CalPRA prior to the operative date of the new law.

Read the full GT Alert.

Print:
EmailTweetLikeLinkedIn
Photo of Gretchen A. Ramos Gretchen A. Ramos

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact…

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of other projects—and little time—on their hands.

Gretchen’s clients come from diverse industries, including technology (SaaS), health care and life sciences, consumer products, manufacturing, academic institutions, and non-profits. She provides clients with practical business advice on compliance with state and federal U.S. laws, GDPR, APEC, and other global privacy laws in relation to their external and internal privacy and security procedures, product and app development, and advertising practices. Gretchen also regularly drafts and negotiates contracts concerning data-related vendors, assists clients in assessing privacy risks in corporate transactions, and provides guidance on and conducts privacy and security assessments. She has managed dozens of data breaches, and helps clients prepare for and immediately respond to security incidents and breaches.

Photo of Darren Abernethy Darren Abernethy

Darren J. Abernethy is a data privacy attorney with more than a decade of experience, including in private practice in Washington, D.C. and as in-house counsel at startups and a leading privacy technology vendor. He advises clients on matters related to advertising technology…

Darren J. Abernethy is a data privacy attorney with more than a decade of experience, including in private practice in Washington, D.C. and as in-house counsel at startups and a leading privacy technology vendor. He advises clients on matters related to advertising technology, privacy and data governance, and FTC best practices.

Darren focuses on the California Consumer Privacy Act (CCPA), the European Union General Data Protection Regulation (GDPR)/ePrivacy, digital advertising, direct marketing, and product counseling.