Although the California Consumer Privacy Act (CCPA) has only been in effect for a matter of weeks – and its proposed regulations are not yet finalized – it could be overhauled by a new privacy law later this year. Last fall, the group that first formulated the CCPA as a ballot initiative in 2018, Californians for Consumer Privacy, led by real estate developer-turned-privacy activist Alastair Mactaggart, timely submitted a ballot measure and subsequent amendments, now titled “The California Privacy Rights Act of 2020” (CalPRA or “the Act”). The group is likely seeking to utilize a ballot initiative for this legislative update to avoid the lobbying and amendment process it believes could compromise the rights and obligations that the initiative sets forth. To guard against later amendments that limit the law’s application, the Act permits amendments by majority vote in each house of the California Legislature and signed by the governor; however, such amendments must be “consistent with and further the purpose and intent of this Act as set forth in Section 3.” In all likelihood, this last provision is one that will be contested in the future.
While retaining many CCPA provisions, CalPRA proposes significant updates to the CCPA, and seeks for the CA attorney general’s office and a newly formed privacy agency to issue guidance and regulations on various issues. If passed, the Act would require impacted organizations to make further changes to their data protection practices. However, unlike the CCPA, under CalPRA, California may provide organizations with some guidance on how to comply with CalPRA prior to the operative date of the new law.