In November 2020, Californians voted to approve the California Privacy Rights Act of 2020 (CPRA). Although most of the CPRA provisions take effect on January 1, 2023, the act is applicable to personal information collected by a business with a presence in California on or after January 1, 2022. The new regulation also provides that the CCPA’s business-to-business and personnel carve-outs will expire when the CPRA takes effect.
For companies that directly interface with end user consumers and engage in activities that make commercial use of, of otherwise monetize, their personal information, the January 2023 effective date of the CPRA may prove to be a challenging deadline to meet given the need to operationalize the new requirements of the CPRA.
Other noteworthy changes include:
- Creation of a “sensitive personal information” category subject to new disclosure requirements and restrictions.
- New rights for consumers including the right to correct, opt-out from sharing for cross-context behavioral advertising, limit the use of sensitive personal information, and rights related to automated decision making.
- New obligations including to carry out privacy impact assessments and audits.
Elliot Golding, Glenn Brown and Lydia de la Torre of our Data Privacy & Cybersecurity Practice will provide an overview of the CPRA and its interplay with the CCPA, as well as a discussion on what can be done now to start preparing for compliance.
This program is pending 1.0 hour of CLE in AZ, CA, NJ and NY. If you need another jurisdiction, please email Robin Hallagan, Legal Training Manager.