New California privacy law to be on November ballot

The group that spearheaded the landmark California Consumer Privacy Act has garnered enough signatures to put a law that would replace the CCPA on the November 2020 ballot.

Californians for Consumer Privacy yesterday said it has collected some 900,000 signatures – considerably more than the 623,212 they needed by July. The group has named the proposed new law the California Privacy Rights Act (CPRA).

“Even as we’ve worked to strengthen privacy laws here in California, we’ve realized that our laws need to keep pace with the ever-changing landscape of constant corporate surveillance, information gathering and distribution,” said Californians for Consumer Privacy founder Alastair Mactaggart. “We think Californians deserve to participate in and shape the conversation about how, when and with whom our most personal information is shared. That’s why we’ve introduced this new ballot measure, signed by nearly one million California voters.”

The Californians for Consumer Privacy unveiled the new CPRA last September, just weeks after lawmakers finalised the CCPA.

According to Mactaggart, he is pushing for a new privacy law because “some of the world’s largest companies” worked to weaken the CCPA as it made its way through the state legislature last year.

One of the major changes the new CPRA would bring is the creation of an independent enforcement body, the California Privacy Protection Agency. California’s attorney general is responsible for enforcing the CCPA, and is expected to issue guidance in October to help businesses comply with the law.

Covington & Burling partner Lindsey Tonsager said at the time that she was “baffled” at the proposal for a new enforcement body, given the time and resources already spent on preparing staff within California’s office of the attorney general for the CCPA.

“Mactaggart originally looked at the AG to adopt regulations and enforce CCPA. Now this proposal is a complete reversal,” Tonsager said. “In fact, the AG’s office has asked for and received additional funding to make sure the CCPA is properly enforced.”

Meanwhile, enforcement of the original CCPA has yet to take effect.

Businesses and trade groups have pleaded for a postponement of the impending law due to the covid-19 pandemic and economic recession, but California Attorney General Xavier Becerra said enforcement will go ahead on schedule.

A spokesperson for the AG told GDR in March that Becerra is “mindful of the new reality created by covid-19 and the heightened value of protecting consumers' privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.”

Some privacy advocates have suggested that the uncertainty surrounding California could finally lead to comprehensive federal privacy legislation.

“There’s a good understanding that if you don’t achieve federal legislation, you’re not just trading it off for the CCPA, but also the much stiffer ballot initiative,” Jules Polonetsky, the chief executive of the Washington, DC-based think tank Future of Privacy Forum, said at a press conference late last year.

Get unlimited access to all Global Data Review content