On November 3rd, 2020, California voters approved Proposition 24, a ballot measure that created the California Privacy Rights Act of 2020 (CPRA). Also called the California Privacy Rights and Enforcement Act of 2020, CPRA amends and expands portions of the state’s existing data privacy law, the California Consumer Privacy Act (CCPA).
The CPRA establishes a new baseline for consumer data privacy in California, increasing consumer rights, placing additional obligations on businesses, and establishing a new dedicated agency to oversee and enforce data privacy rules. It also expands the type of data covered through a wider definition of sensitive personal information (PI), including geolocation, race, genetic information, and more. Businesses must make it even easier for consumers to access, correct, or delete their data—and consumers’ opt-out rights from the CCPA have been expanded under CPRA.
Finally, the act introduces new GDPR-style governance measures and establishes a new enforcement body called the California Privacy Protection Agency, the first dedicated privacy protection agency established in the United States. This agency will address policymaking and enforcement of privacy laws previously managed by the California Attorney General.