California Privacy Rights and Enforcement Act is passed by voter ballot
Proposition 24, also known as the California Privacy Rights and Enforcement Act of 2020 (CPRA), garnered the support of a majority of California voters at the November 3 ballot.
CPRA builds upon the California Consumer Privacy Act of 2018 (CCPA) to strengthen consumers’ privacy rights. Here are the main ways CPRA raises the bar beyond CCPA for companies doing business in California:
California consumers have new rights:
to correct their personal data
opt out of proximate geolocation tracking
browse without pop-ups
Companies must:
minimize their retention of Californians’ personal data
further restrict collection and use of sensitive personal data
provide consumers greater transparency around “profiling” and “automated decision-making”
regularly assess high-risk data processors
The act creates and empowers a California Privacy Protection Agency to audit businesses and enforce the law with the ability to impose penalties and fines for noncompliance.
CPRA applies to personal information collected after January 1, 2022, and comes in force on January 1, 2023.
The new California law is part of the “tripolar privacy world” privacy megatrend PwC has identified. New privacy regulations continue to emerge from Brazil and South Africa to India and Singapore.They are converging around core individual rights but diverging on an array of data lifecycle and programmatic requirements clustered around the United States, European or Chinese models. CPRA has become the latest call-to-action for multinationals to deploy a data trust strategy, adapting their global data and technology infrastructure to these regional variations.
