The California Privacy Rights Act of 2020 is similar to the CCPA, but there are significant differences. Baker Donelson’s Matthew White and Alexander Koskey summarize several of the provisions of the CPRA that all covered businesses need to consider.
While most of us have been understandably focused on the presidential election, the State of California has passed significant new privacy legislation that may have a substantive impact on your business. Specifically, Californians voted to pass Proposition 24, the California Privacy Rights Act of 2020 (CPRA). The CPRA will replace the California Consumer Privacy Act (CCPA) beginning January 1, 2023. While many may be quick to label this as “CCPA 2.0,” the CPRA has a much broader set of rights and obligations than the CCPA, which may create new compliance hurdles for covered businesses.
Timing
The CPRA takes effect on January 1, 2023. However, it will have a “look back” period to January 2022, meaning that personal information collected by businesses starting January 1, 2022 will be subject to the CPRA’s requirements. Until that time, the CCPA remains in force.
Key Provisions
The CPRA appears to be moving California’s privacy regulations even closer to the requirements of the European Union’s General Data Privacy…