California Privacy Rights Act: Difference between revisions
Added additional content from sandbox user:Lillianbroschart/sandbox Tags: Visual edit Mobile edit Mobile web edit |
→References: rm Category:Privacy law and Category:Information privacy, already in subcats |
||
(7 intermediate revisions by 5 users not shown) | |||
Line 13: | Line 13: | ||
| map = 2020 California Proposition 24 results map by county.svg |
| map = 2020 California Proposition 24 results map by county.svg |
||
| mapcaption = |
| mapcaption = |
||
{{col- |
{{col-begin}} |
||
{{col-2}} |
{{col-2}} |
||
'''For''' |
'''For''' |
||
Line 35: | Line 35: | ||
== Background == |
== Background == |
||
As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy.<ref name=": |
As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy.<ref name=":03">{{Cite journal |last=Saquella |first=Alexandria J |date=January 2020 |title=Personal Data Vulnerability: Constitutional Issues with the California Consumer Privacy Act |journal=Jurimetrics |volume=60 |issue=2 |pages=215–45 |via=EBSCOhost}}</ref> Beginning in 1950, the European Convention on Human Rights asserted that data privacy should be subject to legal protections.<ref name=":03"/><ref name=":13">{{Cite journal |last=Lisowski |first=Jena |date=March 1, 2024 |title=California Data Privacy Law and Automated Decision-making |journal=The Journal of Corporation Law |volume=49 |issue=3 |pages=701–26 |via=EBSCOhost}}</ref> Several episodes of unknown use and sale of consumer data, such as the Cambridge Analytica scandal, have led to US lawmakers pursuing better data privacy protections particularly those at the state-level.<ref name=":03"/><ref name=":2">{{Cite journal |last=Rothstein |first=Mark A. |last2=Tovino |first2=Stacey A. |date=September 2019 |title=California Takes the Lead on Data Privacy Law |url=https://onlinelibrary.wiley.com/doi/10.1002/hast.1042 |journal=Hastings Center Report |language=en |volume=49 |issue=5 |pages= |doi=10.1002/hast.1042 |issn=0093-0334}}</ref> Additionally, the EU’s passage of the General Data Protection Regulation (GDPR) in 2018 spurred greater interest in adopting a similar measure in the US.<ref name=":13"/> The GDPR is the strictest data privacy law in the world, with few exceptions and hefty fines. In California, these concerns manifested as the California Consumer Protection Act somewhat modeled on the EU’s GDPR.<ref name=":13"/> |
||
The CCPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart.<ref name=":2" /> He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020.<ref name=": |
The CCPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart.<ref name=":2" /> He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020.<ref name=":13"/> In 2020 Proposition 24, or the CPRA, appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy.<ref name=":3">{{Cite web |title=Text of Proposed Laws |url=https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf |access-date=July 23, 2024 |website=California Secretary of State}}</ref> Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA.<ref name=":13"/> The CPRA was passed with 56.2% of California voters in favor of the proposition and went into effect on January 1, 2023.<ref>{{Cite web |date=December 11, 2020 |title=Complete Statement of the Vote |url=https://elections.cdn.sos.ca.gov/sov/2020-general/sov/complete-sov.pdf |access-date=July 22, 2024 |website=California Secretary of State}}</ref> |
||
The initiative represents an expansion of provisions first laid out by the [[California Consumer Privacy Act]]. In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.<ref name=":0" /> The agency |
The initiative represents an expansion of provisions first laid out by the [[California Consumer Privacy Act]]. Key changes include requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.<ref name=":32">{{Cite web |title=Text of Proposed Laws |url=https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf |access-date=July 23, 2024 |website=California Secretary of State}}</ref> The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more.<ref name=":32" /> In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.<ref name=":0" /> The agency initially shared consumer privacy oversight and enforcement duties with the California Department of Justice.<ref name=":0" /> Another effect of the initiative is requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.<ref name="CASOS">{{cite web | url=http://www.sos.ca.gov/elections/ballot-measures/qualified-ballot-measures/ |title=Qualified Statewide Ballot Measures |publisher=[[Secretary of State of California]] |access-date=July 2, 2020}}</ref> |
||
== |
== Purpose and intentions == |
||
The overall intention of the act is to resolve information asymmetry between consumers and businesses concerning the use of personal information. To that end the key rights of the Act include: |
|||
The intentions of the Act are to provide California residents with the right to: |
|||
# Control the use of personal information and limiting the use of sensitive personal information through the right to opt out of sale. |
|||
# Know who is collecting their and their children's personal information, how it is being used, and to whom it is disclosed. |
|||
# |
# The ability to correct, delete, and transfer personal information. |
||
# The right to easily accessible self-serve tools to opt-out of sale or limit use of personal data |
|||
# Have access to their personal information and the ability to correct, delete, and [[Data portability|transfer]] their personal information. |
|||
# Exercise |
# Exercise privacy rights without being penalized or discriminated against. |
||
⚫ | |||
# Exercise their privacy rights without being penalized. |
|||
# Know who is collecting a child's personal information, how it is being used, and to whom it is disclosed.<ref name=":33">{{Cite web |title=Text of Proposed Laws |url=https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf |access-date=July 23, 2024 |website=California Secretary of State}}</ref> |
|||
⚫ | |||
# Benefit from businesses' use of their personal information. |
|||
# Have their privacy interests protected even as employees and independent contractors.<ref name=":1" /> |
|||
The primary purpose of the CPRA is to further protect personal consumer information.<ref name=":03"/> The act defines consumer information as any information that could reasonably identify or be related to a specific person or household.<ref name=":03" /><ref name=":33" /> This includes names, addresses, email address, social security number, and characteristics defined as being protected under California and federal law such as race, gender, or religion.<ref name=":33" /> The CPRA also alters the criteria for businesses to be subject to the act. The act applies to businesses meeting any of the three following criteria: (1) have $25 million in annual gross revenue in the preceding year (2) buys, sells, or shares the personal information of 100,000 or more consumers or households (3) businesses whose majority of revenue (50% or more) is earned from selling or sharing personal consumer information.<ref name=":13"/><ref name=":33" /> |
|||
== Polls == |
|||
{| class="wikitable" style="font-size:90%;text-align:center;" |
|||
The ability to revoke consent for a business to sell or share a consumer's information through easily accessible tools is an integral part of the CPRA's modification of the CCPA. The CPRA mandates that a business' homepage must clearly display a link titled "Do Not Sell My Personal Information."<ref name=":33" /> A business may not require a consumer to make an account or go through multiple steps to opt out.<ref name=":33" /> This right essentially permits Californian consumers to require businesses to stop selling their information, thereby preventing the kinds of misuse and unknown sales of personal data that spurred the creation of the CCPA.<ref name=":03" /> |
|||
|- valign=bottom |
|||
! Poll source |
|||
! Date(s)<br>administered |
|||
! Sample<br>size{{efn|name=key|Key:<br>A – all adults<br>RV – registered voters<br>LV – likely voters<br>V – unclear}} |
|||
! Margin<br>of error |
|||
! style="width:100px;"| For Proposition 24 |
|||
! style="width:100px;"| Against Proposition 24 |
|||
! Undecided |
|||
|- |
|||
| style="text-align:left;"|[https://curated.tncontentexchange.com/states/california/prop-24-the-california-privacy-rights-act-receives-support-from-77-of-likely-california-voters/article_e50364e5-79a7-5746-8229-c2067305b95f.html Goodwin Simon Strategic Research/YES on Prop 24]{{efn-ua|name=yeson24}} |
|||
| September 29 – October 5, 2020 |
|||
| 750 (LV) |
|||
| – |
|||
|style="background: rgb(1,223,116);"|'''77%''' |
|||
|11% |
|||
|12% |
|||
|- |
|||
| style="text-align:left;"|[https://redfieldandwiltonstrategies.com/california-presidential-proposition-22-and-proposition-24-voting-intentions-19-21-september/ Redfield & Wilton Strategies] |
|||
|September 19–21, 2020 |
|||
|1,915 (LV) |
|||
| – |
|||
|style="background: rgb(1,223,116);"|'''60%''' |
|||
|17% |
|||
|23% |
|||
|- |
|||
| style="text-align:left;"|[https://curated.tncontentexchange.com/states/california/prop-24-the-california-privacy-rights-act-receives-support-from-77-of-likely-california-voters/article_e50364e5-79a7-5746-8229-c2067305b95f.html Goodwin Simon Strategic Research/YES on Prop 24]{{efn-ua|name=yeson24|Poll sponsored by a campaign which supported Proposition 24 prior to this poll's sampling period}} |
|||
| July 26–31, 2020 |
|||
| – (V){{efn|Not yet released}} |
|||
| – |
|||
|style="background: rgb(1,223,116);"|'''81%''' |
|||
|11% |
|||
|8% |
|||
|} |
|||
== Results == |
== Results == |
||
Line 105: | Line 71: | ||
[[Category:2020 California ballot propositions]] |
[[Category:2020 California ballot propositions]] |
||
[[Category:California statutes]] |
[[Category:California statutes]] |
||
[[Category:Privacy law]] |
|||
[[Category:Data protection]] |
[[Category:Data protection]] |
||
[[Category:Information privacy]] |
|||
[[Category:Data laws of the Americas]] |
[[Category:Data laws of the Americas]] |
||
[[Category:Internet privacy legislation]] |
[[Category:Internet privacy legislation]] |
Latest revision as of 01:18, 11 November 2024
| ||||||||||
Privacy Rights and Enforcement Act Initiative | ||||||||||
Results | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
|
Elections in California |
---|
The California Privacy Rights Act of 2020 (CPRA), also known as Proposition 24, is a California ballot proposition that was approved by a majority of voters after appearing on the ballot for the general election on November 3, 2020.[1][2][3] This proposition expands California's consumer privacy law and builds upon the California Consumer Privacy Act (CCPA) of 2018, which established a foundation for consumer privacy regulations.[4]
The proposition enshrines more provisions in California state law, allowing consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit businesses' usage of "sensitive personal information", which includes precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information. The Act creates the California Privacy Protection Agency as a dedicated agency to implement and enforce state privacy laws, investigate violations, and assess penalties of violators.[5] The Act also removes the set time period in which businesses can correct violations without penalty, prohibits businesses from holding onto personal data for longer than necessary, triples the maximum fines for violations involving children under the age of 16 (up to $7,500), and authorizes civil penalties for the theft of specified login information.[6][7]
The California Privacy Rights Act took effect on January 1, 2023, applying to personal data collected on or after January 1, 2022.[8] The law cannot be repealed by the state legislature, and any amendments made by the legislature must be “consistent with and further the purpose and intent” of the Act.[9]
Background
[edit]As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy.[10] Beginning in 1950, the European Convention on Human Rights asserted that data privacy should be subject to legal protections.[10][11] Several episodes of unknown use and sale of consumer data, such as the Cambridge Analytica scandal, have led to US lawmakers pursuing better data privacy protections particularly those at the state-level.[10][12] Additionally, the EU’s passage of the General Data Protection Regulation (GDPR) in 2018 spurred greater interest in adopting a similar measure in the US.[11] The GDPR is the strictest data privacy law in the world, with few exceptions and hefty fines. In California, these concerns manifested as the California Consumer Protection Act somewhat modeled on the EU’s GDPR.[11]
The CCPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart.[12] He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020.[11] In 2020 Proposition 24, or the CPRA, appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy.[13] Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA.[11] The CPRA was passed with 56.2% of California voters in favor of the proposition and went into effect on January 1, 2023.[14]
The initiative represents an expansion of provisions first laid out by the California Consumer Privacy Act. Key changes include requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.[15] The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more.[15] In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.[4] The agency initially shared consumer privacy oversight and enforcement duties with the California Department of Justice.[4] Another effect of the initiative is requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.[16]
Purpose and intentions
[edit]The overall intention of the act is to resolve information asymmetry between consumers and businesses concerning the use of personal information. To that end the key rights of the Act include:
- Control the use of personal information and limiting the use of sensitive personal information through the right to opt out of sale.
- The ability to correct, delete, and transfer personal information.
- The right to easily accessible self-serve tools to opt-out of sale or limit use of personal data
- Exercise privacy rights without being penalized or discriminated against.
- Hold businesses accountable for failing to take reasonable information security precautions.
- Know who is collecting a child's personal information, how it is being used, and to whom it is disclosed.[17]
The primary purpose of the CPRA is to further protect personal consumer information.[10] The act defines consumer information as any information that could reasonably identify or be related to a specific person or household.[10][17] This includes names, addresses, email address, social security number, and characteristics defined as being protected under California and federal law such as race, gender, or religion.[17] The CPRA also alters the criteria for businesses to be subject to the act. The act applies to businesses meeting any of the three following criteria: (1) have $25 million in annual gross revenue in the preceding year (2) buys, sells, or shares the personal information of 100,000 or more consumers or households (3) businesses whose majority of revenue (50% or more) is earned from selling or sharing personal consumer information.[11][17]
The ability to revoke consent for a business to sell or share a consumer's information through easily accessible tools is an integral part of the CPRA's modification of the CCPA. The CPRA mandates that a business' homepage must clearly display a link titled "Do Not Sell My Personal Information."[17] A business may not require a consumer to make an account or go through multiple steps to opt out.[17] This right essentially permits Californian consumers to require businesses to stop selling their information, thereby preventing the kinds of misuse and unknown sales of personal data that spurred the creation of the CCPA.[10]
Results
[edit]The proposition passed with roughly 55% of California voters voting in favor of the measure.[18]
Notes
[edit]- Partisan clients
References
[edit]- ^ Dustin, Gardiner (September 21, 2020). "California's Proposition 24 would protect data-privacy law from being weakened in Legislature". San Francisco Chronicle. Retrieved September 24, 2020.
- ^ "Text of Proposed Laws - Proposition 24" (PDF). California Secretary of State.
- ^ Hooks, Chris Nichols, Kris. "What We Know About California Proposition Results". www.capradio.org. Retrieved 2020-11-11.
{{cite web}}
: CS1 maint: multiple names: authors list (link) - ^ a b c "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. 2018-10-15. Retrieved 2020-11-09.
- ^ "California Proposition 24: New rules for consumer data privacy". CalMatters. 9 September 2020. Retrieved 2020-11-09.
- ^ "California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)". Ballotpedia. Retrieved September 24, 2020.
- ^ "Proposition 24 Official Title and Summary | Official Voter Information Guide | California Secretary of State". voterguide.sos.ca.gov. Retrieved 2020-12-10.
- ^ "Move Over, CCPA: The California Privacy Rights Act Gets the Spotlight Now". news.bloomberglaw.com. Retrieved 2020-12-10.
- ^ "The California Privacy Rights Act (CPRA) Has Been Enacted into Law". www.paulhastings.com. Retrieved 2020-12-10.
- ^ a b c d e f Saquella, Alexandria J (January 2020). "Personal Data Vulnerability: Constitutional Issues with the California Consumer Privacy Act". Jurimetrics. 60 (2): 215–45 – via EBSCOhost.
- ^ a b c d e f Lisowski, Jena (March 1, 2024). "California Data Privacy Law and Automated Decision-making". The Journal of Corporation Law. 49 (3): 701–26 – via EBSCOhost.
- ^ a b Rothstein, Mark A.; Tovino, Stacey A. (September 2019). "California Takes the Lead on Data Privacy Law". Hastings Center Report. 49 (5). doi:10.1002/hast.1042. ISSN 0093-0334.
- ^ "Text of Proposed Laws" (PDF). California Secretary of State. Retrieved July 23, 2024.
- ^ "Complete Statement of the Vote" (PDF). California Secretary of State. December 11, 2020. Retrieved July 22, 2024.
- ^ a b "Text of Proposed Laws" (PDF). California Secretary of State. Retrieved July 23, 2024.
- ^ "Qualified Statewide Ballot Measures". Secretary of State of California. Retrieved July 2, 2020.
- ^ a b c d e f "Text of Proposed Laws" (PDF). California Secretary of State. Retrieved July 23, 2024.
- ^ Morrison, Sara (2020-11-03). "Live results for California's data privacy ballot initiative". Vox. Retrieved 2020-11-08.