On June 30, 2023, the Superior Court for the County of Sacramento issued a minute order enjoining the California Privacy Protection Agency (CPPA or Agency) from enforcing updates to the existing CCPA regulations until March 29, 2024, twelve months after they were finalized.  However, the Agency’s enforcement of the CCPA,  as now amended by the California Privacy Rights Act (CPRA), begins on July 1, 2023.  The CCPA, as amended, imposes many new compliance requirements, including ones relating to advertising cookies, sensitive personal information, and employee data, and it  provides consumers with additional privacy rights.  See CPRA Favored by California Voters – Practical Takeaways.  For the still outstanding regulations relating to cybersecurity audits, risk assessments, and automated decision-making, enforcement will begin one year from the date those regulations are finalized.

On March 30, 2023, the California Chamber of Commerce filed suit against the newly created CPPA to enjoin the Agency from bringing any enforcement actions under the amended CCPA regulations.  The California Chamber argued that because the regulations implementing the CPRA were finalized on March 29, 2023 – eight months later than the Agency was mandated to issue the regulations — the Agency did not provide businesses with the required 12-month grace period to come into compliance as contemplated under the CPRA.  The Superior Court agreed and ordered that enforcement of any CCPA regulations implemented pursuant to Section 1798.185(d) will be stayed for 12 months from the date the individual regulation becomes final.   The Court also found that regulations finalized in August 2020 pursuant to the CCPA will remain in full force and effect until amended CCPA regulations become enforceable in March 2024.