What Comes Next After “Yes” on 24?
From the CCPA to the CPRA and Beyond

Authors:

• Philip R. Recht,
• Evan M. Wooten

Generate PDF

On November 3, 2020, a majority of Californians cast “yes” votes for Proposition 24, the ballot initiative enacting the California Privacy Rights Act of 2020 (CPRA). Although the election results have not yet been certified by the California Secretary of State and may not be before December 11, 2020 (the latest date), the CPRA had reached 56-percent approval the morning after the election, causing the initiative’s proponents to declare victory and opponents to concede defeat. The CPRA, of course, builds on the California Consumer Privacy Act (CCPA), which only just became effective on January 1, 2020, and then enforceable on July 1, 2020. Readers can be forgiven for CCPA-CPRA fatigue. Following the drama of the CCPA’s enactment in June 2018, two legislative sessions of tense amendment negotiations, three drafts of CCPA regulations and a fourth version of the regulations potentially on the way, compliance officers and privacy professionals may be left with heads spinning. Unfortunately, the CPRA’s enactment is not an end to this progression, but simply another new beginning. This Legal Update aims to provide an overview of what comes next, after the CPRA becomes official in early to mid-December 2020. Specifically, we will highlight the significant differences between the CCPA and CPRA, the institution of the new agency charged with enforcing the CPRA, the revised timeline for regulation and enforcement, and steps businesses can take to begin their compliance efforts.