The California Privacy Rights Act (“CPRA”), an Act that was drafted to address some of the supposed shortcomings of the recently introduced Californian Consumers’ Privacy Act (CCPA), has moved closer to a reality as advocates have secured 900,000 of the 1 millions signatures that they require to add it to the state’s November ballot.
Californians for Consumer Privacy, the advocacy group established by real estate developer Alastair Mactaggart, revealed this week that it had submitted over 900,000 signatures to county election officials in support of the CPRA. It is envisaged that this new Act would enhance the provisions made within the CCPA as it aims to further expand the privacy rights of California residents and to further increase the companies’ compliance obligations. Previously, the CCPA has been criticized for its wide-ranging definitions, ambiguous language, and overall lack of clarity.
Mactaggart’s released a statement which said: “Laws need to keep pace with the ever-changing landscape of constant corporate surveillance, information gathering and distribution. Californians deserve to participate in and shape the conversation about how, when and with whom our most personal information is shared.”
The group was given a deadline by state officials of June 25 to secure a minimum of 623,212 signatures from California residents, verified by the state, in order for it to be placed on the Nov. 3 general election ballot. As of yet, it has not been verified if they have already reached this total.
Some of the areas that CPRA seeks to address includes:
- Sensitive Personal Information: The law will introduce a new category of information referred to as “sensitive personal information” and provide new rights for California consumers, permitting them to prevent companies from using their sensitive personal information.
- Definitions: The CPRA could seek to state outright, in a definition, that a person’s health, financial information, and geolocation data is defined as sensitive personal information.
- Right of Correction: Californians will be given the right to ask businesses to make corrections of any personal information that is inaccurate.
- Data Breach Liability: The law seeks to amend, and clarify, the CCPA as it relates to data breach liability. Moreover, it states that any breaches in which a consumer’s email is compromised along with their password or a security question and answer will be the responsibility of the company and sanctions will be applied appropriately.
- Children’s privacy: Children’s’ privacy rights will be bolstered and CCPA fines for collecting and selling private information of minors under 16 years of age will be increased threefold.
- New Enforcement Arm: A new data protection watchdog called ‘the California Privacy Protection Agency (CPPA)’ would be established to help protect consumers’ rights.
- Increased Transparency: The CPPA would assist in increasing the transparency of what is being done with private data and give consumers greater management over their data.
This move comes as those advocating for a delay to the enforcing of the CCPA legislation, until January 2021, have faced a further setback as California State Attorney General Xavier Becerra confirmed there would be no such move made.
This latest development emphasizes the shift in power from companies to the consumers, and private citizens, and makes it more important that ever for businesses to ensure that they are doing everything in a completely compliant way. It would be wise to seek a consultancy to assess compliance with the CCPA and to prepare for the likely introduction of the CPRA as soon as possible.