In November, Californians approved a ballot measure, Proposition 24, a.k.a. the California Privacy Rights Act (CPRA), to create a new consumer data privacy agency. It puts California yet another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018. It went into effect in January 2020, and enforcement officially began this past July.
The CCPA was supposed to help keep California from passing a more stringent privacy initiative via ballot. “CCPA is probably one of the leading privacy laws in the US that protects consumers today,” says Christophe Bertrand, analyst at Enterprise Strategy Group, but it was originally supposed to be more restrictive. “It was the product of many political negotiations that weakened the final product.”
That’s not going to happen with the new law. Once passed, it can only be strengthened, not weakened. It did pass. The CPRA was approved by voters 56% to 44%.