The ink has barely dried on the California Consumer Privacy Act (“CCPA”) and its regulations, yet California Proposition 24 was approved by voters in the November election.  As a result, the CCPA will be amended and the California Privacy Rights Act (“CPRA”) will be enforced beginning January 2023 by the California Privacy Protection Agency, the state agency created by the CPRA. Similar to the CCPA, the CPRA will have a 12-month look-back period; thus businesses should strive to comply with the CPRA before January of 2022.  Of a more immediate concern, the employee and the business-to-business exceptions will be extended to January 1, 2023.  We expect more regulations to be issued in the lead up to the CPRA enforcement date.

Additionally, on December 10, 2020, the AG’s office released modifications to the previously withdrawn regulations.  The proposed regulations offer clarifications of the information collected offline (where the business “sells” personal information), the procedures to opt-out from the “sale” of personal information, and the “Do Not Sell” button.  The public comment period is open until December 28, 2020. The AG’s website dedicated to the CCPA provides more information.

Legal Disclaimer: