California Privacy Rights Act: Difference between revisions

U.S. Senate
U.S. Senate
	1849; 1850; 1852 sp; 1856; 1857 sp; 1860; 1860 sp; 1868; 1872; 1873; 1873 sp; 1878; 1880; 1885; 1886 sp; 1887; 1891; 1891 sp; 1893; 1895 sp; 1897; 1900 sp; 1903; 1905; 1909; 1911; 1914; 1916; 1920; 1922; 1926; 1928; 1932; 1934; 1938; 1940; 1944; 1946; 1946 sp; 1950; 1952; 1954 sp; 1956; 1958; 1962; 1964; 1968; 1970; 1974; 1976; 1980; 1982; 1986; 1988; 1992; 1992 sp; 1994; 1998; 2000; 2004; 2006; 2010; 2012; 2016; 2018; 2022; 2022 sp; 2024; 2024 sp; 2028;

U.S. President
U.S. President
	1852; 1856; 1860; 1864; 1868; 1872; 1876; 1880; 1884; 1888; 1892; 1896; 1900; 1904; 1908; 1912; 1916; 1920; 1924; 1928; 1932; 1936; 1940; 1944; 1948; 1952; 1956; 1960; 1964; 1968; 1972; 1976; 1980; 1984; 1988; 1992; 1996 Dem; Rep; ; 2000 Dem; Rep; ; 2004 Dem; Rep; ; 2008 Dem; Rep; ; 2012 Dem; Rep; ; 2016 Dem; Rep; ; 2020 Dem; Rep; ; 2024 Dem; Rep; ;

Proposition 24
Privacy Rights and Enforcement Act Initiative
Results
For 60%–70% 50%–60%	Against 60%–70% 50%–60%

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 21:45, 25 July 2024

The California Privacy Rights Act of 2020 (CPRA), also known as Proposition 24, is a California ballot proposition that was approved by a majority of voters after appearing on the ballot for the general election on November 3, 2020.^[1]^[2]^[3] This proposition expands California's consumer privacy law and builds upon the California Consumer Privacy Act (CCPA) of 2018, which established a foundation for consumer privacy regulations.^[4]

The proposition enshrines more provisions in California state law, allowing consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit businesses' usage of "sensitive personal information", which includes precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information. The Act creates the California Privacy Protection Agency as a dedicated agency to implement and enforce state privacy laws, investigate violations, and assess penalties of violators.^[5] Under the CCPA the provisions applied to businesses buying, selling, or sharing personal information of 50,000 or more consumers, the CPRA expanded this scope by raising the threshold to 100,000 or more consumers. In addition to the consumer protections, The Act also removes the set time period in which businesses can correct violations without penalty, prohibits businesses from holding onto personal data for longer than necessary, triples the maximum fines for violations involving children under the age of 16 (up to $7,500), and authorizes civil penalties for the theft of specified login information.^[6]^[7]

The California Privacy Rights Act took effect on January 1, 2023, applying to personal data collected on or after January 1, 2022.^[8] The law cannot be repealed by the state legislature, and any amendments made by the legislature must be “consistent with and further the purpose and intent” of the Act.^[9]

Background

As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy. Beginning in 1950, the European Convention on Human Rights asserted that data privacy should be subject to legal protections. Several episodes of unknown use and sale of consumer data, such as the Cambridge Analytica scandal, have resulted in US lawmakers seeking better protect data privacy protection. Additionally, the EU’s passage of the General Data Protection Regulation in 2018 spurred greater interest in adopting a similar measure in the US. The GDPR is the strictest data privacy law in the world, with few exceptions and hefty fines. The push to transition away from a laissez-faire approach to internet regulation in the US comes admist related discussion on regulating other cutting edge technology such as AI. In California, these concerns manifested as the California Consumer Protection Act somewhat modeled on the EU’s GDPR.

The passage of the CCPA place California at the forefront of state-level data privacy protections. The CPPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart. He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020. Due to the CCPA’s scaled back nature amendments to further its scope and protections were likely. In 2020 Proposition 24 or the CPRA appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy. Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA. The CPRA was passed with 56.2% of California voters in favor of the proposition and went into effect on January 1, 2023.^[10]

The CPRA represents an expansion of provisions first laid out by the California Consumer Privacy Act. Key changes include requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.^[2] The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more. In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.^[1] The agency initially shared consumer privacy oversight and enforcement duties with the California Department of Justice.^[1] As of April 21, 2022 the agency has taken over full responsibility of rulemaking and enforcement of the CCPA.

Purpose and Intentions

The purpose of the Act are to provide California residents with the right to:

Know who is collecting their and their children's personal information, how it is being used, and to whom it is disclosed.
Control the use of their personal information, including limiting the use of their sensitive personal information.
Have access to their personal information and the ability to correct, delete, and transfer their personal information.
Exercise their privacy rights through easily accessible self-serve tools.
Exercise their privacy rights without being penalized.
Hold businesses accountable for failing to take reasonable information security precautions.
Benefit from businesses' use of their personal information.
Have their privacy interests protected even as employees and independent contractors.^[2]

Notes

References

^ Dustin, Gardiner (September 21, 2020). "California's Proposition 24 would protect data-privacy law from being weakened in Legislature". San Francisco Chronicle. Retrieved September 24, 2020.
^ ^a ^b "Text of Proposed Laws - Proposition 24" (PDF). California Secretary of State.
^ Hooks, Chris Nichols, Kris. "What We Know About California Proposition Results". www.capradio.org. Retrieved 2020-11-11.{{cite web}}: CS1 maint: multiple names: authors list (link)
^ "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. 2018-10-15. Retrieved 2020-11-09.
^ "California Proposition 24: New rules for consumer data privacy". CalMatters. 9 September 2020. Retrieved 2020-11-09.
^ "California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)". Ballotpedia. Retrieved September 24, 2020.
^ "Proposition 24 Official Title and Summary | Official Voter Information Guide | California Secretary of State". voterguide.sos.ca.gov. Retrieved 2020-12-10.
^ "Move Over, CCPA: The California Privacy Rights Act Gets the Spotlight Now". news.bloomberglaw.com. Retrieved 2020-12-10.
^ "The California Privacy Rights Act (CPRA) Has Been Enacted into Law". www.paulhastings.com. Retrieved 2020-12-10.
^ "Complete Statement of Vote, November 3, 2020" (PDF). California Secretary of State. December 11, 2020. Retrieved July 22, 2024.

[1] Dustin, Gardiner (September 21, 2020). "California's Proposition 24 would protect data-privacy law from being weakened in Legislature". San Francisco Chronicle. Retrieved September 24, 2020.

[:1-2] "Text of Proposed Laws - Proposition 24" (PDF). California Secretary of State.

[3] Hooks, Chris Nichols, Kris. "What We Know About California Proposition Results". www.capradio.org. Retrieved 2020-11-11.{{cite web}}: CS1 maint: multiple names: authors list (link)

[:0-4] "California Consumer Privacy Act (CCPA)". State of California - Department of Justice - Office of the Attorney General. 2018-10-15. Retrieved 2020-11-09.

[5] "California Proposition 24: New rules for consumer data privacy". CalMatters. 9 September 2020. Retrieved 2020-11-09.

[6] "California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)". Ballotpedia. Retrieved September 24, 2020.

[7] "Proposition 24 Official Title and Summary | Official Voter Information Guide | California Secretary of State". voterguide.sos.ca.gov. Retrieved 2020-12-10.

[8] "Move Over, CCPA: The California Privacy Rights Act Gets the Spotlight Now". news.bloomberglaw.com. Retrieved 2020-12-10.

[9] "The California Privacy Rights Act (CPRA) Has Been Enacted into Law". www.paulhastings.com. Retrieved 2020-12-10.

[10] "Complete Statement of Vote, November 3, 2020" (PDF). California Secretary of State. December 11, 2020. Retrieved July 22, 2024.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

@@ Line 37: / Line 37: @@
 As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy. Beginning in 1950, the European Convention on Human Rights asserted that data privacy should be subject to legal protections. Several episodes of unknown use and sale of consumer data, such as the Cambridge Analytica scandal, have resulted in US lawmakers seeking better protect data privacy protection. Additionally, the EU’s passage of the General Data Protection Regulation in 2018 spurred greater interest in adopting a similar measure in the US. The GDPR is the strictest data privacy law in the world, with few exceptions and hefty fines. The push to transition away from a laissez-faire approach to internet regulation in the US comes admist related discussion on regulating other cutting edge technology such as AI. In California, these concerns manifested as the California Consumer Protection Act somewhat modeled on the EU’s GDPR.
-The passage of the CCPA place California at the forefront of state-level data privacy protections. The CPPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart. He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020. Due to the CCPA’s scaled back nature amendments to further its scope and protections were likely. In 2020 Proposition 24 or the CPRA appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy. Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA. The CPRA was passed with 56.2% of California voters in favor the the proposition and went into effect on January 1, 2023.<ref>{{Cite web |date=December 11, 2020 |title=Complete Statement of Vote, November 3, 2020 |url=https://elections.cdn.sos.ca.gov/sov/2020-general/sov/complete-sov.pdf |access-date=July 22, 2024 |website=California Secretary of State |language=en}}</ref>
+The passage of the CCPA place California at the forefront of state-level data privacy protections. The CPPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart. He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020. Due to the CCPA’s scaled back nature amendments to further its scope and protections were likely. In 2020 Proposition 24 or the CPRA appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy. Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA. The CPRA was passed with 56.2% of California voters in favor of the proposition and went into effect on January 1, 2023.<ref>{{Cite web |date=December 11, 2020 |title=Complete Statement of Vote, November 3, 2020 |url=https://elections.cdn.sos.ca.gov/sov/2020-general/sov/complete-sov.pdf |access-date=July 22, 2024 |website=California Secretary of State |language=en}}</ref>
 The CPRA represents an expansion of provisions first laid out by the [[California Consumer Privacy Act]]. Key changes include requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.<sup>[2] </sup> The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more. In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.<sup>[1]</sup> The agency initially shared consumer privacy oversight and enforcement duties with the [[California Department of Justice]].<sup>[1]</sup> As of April 21, 2022 the agency has taken over full responsibility of rulemaking and enforcement of the CCPA.

v t e Privacy
Principles	Right of access to personal data Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Brazil Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Sri Lanka Switzerland United Kingdom United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany India Indonesia Ireland Isle of Man Netherlands Norway Philippines Poland South Korea Spain Sweden Switzerland Thailand Turkey United Kingdom
Areas	Consumer Digital Education Medical Workplace
Information privacy	Law Financial Internet Facebook Google Twitter Email Personal data Personal identifier Social networking services Privacy-enhancing technologies Privacy engineering Privacy-invasive software Privacy policy Privacy software Secret ballot Virtual assistant privacy
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Data Privacy Lab Electronic Frontier Foundation Electronic Privacy Information Center European Digital Rights Future of Privacy Forum Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Cellphone surveillance Data security Eavesdropping Global surveillance Identity theft Mass surveillance Panopticon PRISM Search warrant Wiretapping Human rights Personality rights
Category