We’ve written a fair bit here about your privacy protections in California; a new item intended for the November ballot could advance those cutting-edge protections even further.

Californians for Consumer Privacy — the same group that backed the 2018 privacy legislation — has submitted more than 900,000 signatures to support putting the California Privacy Rights Act (CPRA) in front of voters. While an official announcement has yet to come out of the California Secretary of State’s office, that number would put the measure well beyond the 623,212 signatures required for an initiative statute to reach the Nov. 3 ballot.

A key focus of the act is making sure consumers can maintain control over their personal information, which in today’s online-saturated world easily can be harvested and used by businesses and others. And with rapid innovation plus more people working online amid the coronavirus pandemic, the privacy landscape is constantly changing.

The ballot measure has three primary objectives, according to the group:

• Stop businesses from using or selling sensitive personal information — such as about health, finances, or exact locations — without consent.
• Triple the fines for collecting and selling children’s private information. The initial fines were established in the 2018 California Consumer Privacy Act. There also would be an opt-in consent to sell from consumers younger than 16. 
• Establish a California Privacy Protection Agency as the enforcement arm to protect consumer privacy rights. Such an agency would emphasize transparency and putting consumers back in control of their data.

The new measure also would build on several other aspects of the previous law. That includes giving consumers the ability to search online without pop-ups or sale of their information, establishing penalties if an email plus password were stolen due to negligence, allowing for correction of data, and preventing companies from collecting more information/storing it longer than necessary. High-risk data processors would be required to complete regular cybersecurity audits and risk assessments, and the law would be protected from legislation that could weaken it.

As we have written previously, the 2018 law didn’t distinguish between a person’s role as a consumer or as an employee, giving California residents a strong footing for making privacy requests of their employers — which often hold incredibly sensitive information.

One wild card in all this is the coronavirus pandemic — trade groups had requested that enforcement of the 2018 privacy law be delayed until January (rather than July 1) given COVID-19 concerns, according to Forbes. That won’t happen, but they may get some break: California Attorney General Xavier Becerra submitted the final regulations on June 1; the Office of Administrative Law has 30 working days — plus 60 additional calendar days because of the pandemic — to review the package, file the final regulation text and make the rules enforceable by law.

Stay tuned as we follow the development of these important privacy protections.

If you need help understanding your legal protections regarding privacy, contact Keller Grover for a free consultation. In more than 25 years litigating fraud and employment cases, the lawyers at Keller Grover have recovered hundreds of millions for clients and class members. 

See more that we’ve written about California privacy laws.