What's the California Privacy Rights Act?
Even after the recent finalization of CCPA regulations by the attorney general, in June there was an announcement of a new Privacy Act qualification, the CPRA - California Privacy Rights Act 2020.
The initiative's sponsor, Californians for Consumer Privacy, delivered more than 900,000 signatures in May to qualify CPRA for the ballot. Following the order of a California Superior Court judge, the Secretary of State Alex Padilla announced the new act qualification for the November ballot.
The initiative's proposal aims to correct the shortcomings that the CCPA presented - despite being the most comprehensive privacy law in the USA - after some swift negotiations by the California legislature disappeared from the original ballot initiative. To this end, it relies freely on the EU's General Data Protection Regulation (GDPR), aiming to expand consumers' rights and control over their personal information.
Based on it, the right to rectify data and inaccurate or outdated information that companies have and the possibility of classifying personal information as confidential when necessary - requiring companies that process this type of confidential data to provide more control to consumers has been added. And also the right to define the type of consent that occurred when data were provided using the language "freely given, specific, informed and unambiguous", which could mean the end of the concept of "opt-out consent" in the USA.
In addition to the measures added based on the GDPR, there were changes and reinforcements to some items already addressed by the CCPA. The extent of B2B and employee exemptions is one of them. CPRA would extend the exemption for employee data and personal information collected in the business-to-business context until January 1, 2023, providing more than 2 years for lawmakers to develop terms to address privacy in these areas.
Stricter than the current law, CPRA would triple the fines already allowed for violating the privacy rights of children under 16 and increase the types of violations for which consumers have a private right of action to those that include an e- in combination with authentication information that would allow access to the account.
Sensitive personal information is a novelty based on the European GDPR and organizations that process these data types would be obligated to provide individuals more control over their sensitive data.
CPRA would also establish the first body specifically dedicated to protecting privacy rights in the United States, the California Privacy Protection Agency.
The electoral initiative has everything to be realized and becoming a law would mean more privacy protection for Californians and greater compliance obstacles for organizations under the CCPA. Pay attention to possible legislative changes and prepare yourself with a privacy program that aggregates them allEven after the recent finalization of CCPA regulations by the attorney general, in June there was an announcement of a new Privacy Act qualification, the CPRA - California Privacy Rights Act 2020.
The initiative's sponsor, Californians for Consumer Privacy, delivered more than 900,000 signatures in May to qualify CPRA for the ballot. Following the order of a California Superior Court judge, the Secretary of State Alex Padilla announced the new act qualification for the November ballot.
The initiative's proposal aims to correct the shortcomings that the CCPA presented - despite being the most comprehensive privacy law in the USA - after some swift negotiations by the California legislature disappeared from the original ballot initiative. To this end, it relies freely on the EU's General Data Protection Regulation (GDPR), aiming to expand consumers' rights and control over their personal information.
Based on it, the right to rectify data and inaccurate or outdated information that companies have and the possibility of classifying personal information as confidential when necessary - requiring companies that process this type of confidential data to provide more control to consumers has been added. And also the right to define the type of consent that occurred when data were provided using the language "freely given, specific, informed and unambiguous", which could mean the end of the concept of "opt-out consent" in the USA.
In addition to the measures added based on the GDPR, there were changes and reinforcements to some items already addressed by the CCPA. The extent of B2B and employee exemptions is one of them. CPRA would extend the exemption for employee data and personal information collected in the business-to-business context until January 1, 2023, providing more than 2 years for lawmakers to develop terms to address privacy in these areas.
Stricter than the current law, CPRA would triple the fines already allowed for violating the privacy rights of children under 16 and increase the types of violations for which consumers have a private right of action to those that include an e- in combination with authentication information that would allow access to the account.
Sensitive personal information is a novelty based on the European GDPR and organizations that process these data types would be obligated to provide individuals more control over their sensitive data.
CPRA would also establish the first body specifically dedicated to protecting privacy rights in the United States, the California Privacy Protection Agency.
The electoral initiative has everything to be realized and becoming a law would mean more privacy protection for Californians and greater compliance obstacles for organizations under the CCPA. Pay attention to possible legislative changes and prepare yourself with a privacy program that aggregates them all.