"Differences between the California Consumer Privacy Act and the California Privacy Rights Act" by Sherry-Maria Safchuk (Conference on Consumer Finance Law Quarterly Report)
Conference on Consumer Finance Law Quarterly ReportSherry-Maria Safchuk
The transformation of privacy laws in California has been swift. The rapid adoption of the California Consumer Privacy Act of 2018 (“CCPA”), its regulations, and the California Privacy Rights Act of 2020 (“CPRA”) has required businesses to diligently track new consumer protections across privacy statutes and regulations to ensure compliance. Since January 1, 2020, businesses have grappled with understanding and implementing the CCPA, updating processes and procedures once the CCPA regulations were finalized, and monitoring the passage of the CPRA to determine potential implications.
When the CCPA became effective, it gave California consumers robust privacy rights and control over their personal information such as the right to know, the right to access, the right to delete, the right to opt-out of the sale of personal information that businesses collect, the right to nondiscrimination, and includes additional protections for minors. The California attorney general engaged in a comprehensive rulemaking process that gathered comments from stakeholders to develop a set of regulations that provided guidance on the implementation of privacy rights and consumer protections established by the CCPA. What resulted was a set of regulations that established procedures for compliance with certain requirements set forth in the CCPA, as well as clarified important transparency and accountability mechanisms for businesses subject to the law. Then, in January 2021, the attorney general issued amendments to the CCPA regulations, which were approved in part by the Office of Administrative Law and made effective March 15, 2021.
Originally published in Conference on Consumer Finance Law Quarterly Report; reprinted with permission.