Cyber/Data/Privacy

California Privacy Rights Act of 2020 – CPRA

On January 1, 2023, the California Privacy Rights Act of 2020 (CPRA) will amend the California Consumer Privacy Act of 2018 (CCPA) with sweeping ramifications for businesses in California and globally that collect personal information about Californians. The law broadly governs the collection, use and disclosure of personal information about California residents – including consumers, employees, job applicants, business contacts, children and other categories of individuals – as well as information about their households and devices.

The CPRA created a new privacy regulator – the California Privacy Protection Agency (CPPA) – charged with adopting implementing regulations and enforcing the law. Both the CPPA and the California attorney general may seek civil penalties of up to $2,500 per violation of the law or up to $7,500 for each intentional violation or violation involving children under 16. The law also provides a private right of action allowing California residents affected by certain data breaches to seek up to $750 in statutory damages per individual per incident or actual damages, whichever is greater. The CPPA has proposed draft regulations and is expected to publish final regulations by the end of 2022.

If you need assistance with CPRA compliance, please contact a member of Cooley’s cyber/data/privacy group.

Resources

• Cooley Flowchart: Does CPRA Apply? (effective January 1, 2023)
• Cooley Flowchart: Does CCPA Apply? (effective before January 1, 2023)
• Cooley CPRA Snapshot
• California Privacy Rights Act of 2020 – full text
• California Consumer Privacy Act Regulations
• California Privacy Protection Agency Rulemaking on CPRA
• California Privacy Protection Agency website
• California Attorney General CCPA page
• California Attorney General CCPA Enforcement Case Examples

US Privacy Compliance Journey webinar series

• CPRA Roadmap
• Due Diligence and Gap Assessment
• Unpacking the CPRA Regulations and Prioritizing Compliance Efforts
• Approaching the Finish Line

Please note that continuing legal education credit is only available for the live webcast of these programs. Cooley is not able to provide CLE credit for on-demand recordings at this time.

Blog posts

• California Legislature Passes Children’s Privacy Bills
• California Legislature Declines to Extend the CCPA’s HR and B2B Exemptions
• California Attorney General Announces $1.2 Million CCPA Settlement With Sephora Amid Ongoing Enforcement Sweep
• California Voters Pass the California Privacy Rights Act of 2020
• California Legislature Passes One-Year Extension of CCPA’s Human Resources and B2B Exemptions
• CCPA Regulations Take Effect August 14, 2020, California AG Announces Final Revisions
• CCPA Roundup: Enforcement Begins; ‘CCPA 2.0’ Qualifies for November Ballot; Facebook Updates CCPA Stance
• California Attorney General Submits Final CCPA Regulations for Review
• Round 3: California AG Revises Proposed CCPA Regulations
• Round 2: California AG Revises Proposed CCPA Regulations
• Private and Public CCPA Enforcement Will Launch on January 1, 2020, Despite California AG Delay
• Tardy for the CCPA Party? Tips for Your Last Month Before the Deadline
• The DAA Announces the Development of New CCPA Tools for Ad Industry
• IAB Issues Draft CCPA Framework
• California AG Releases Draft CCPA Regulations and Governor Signs CCPA Amendments Into Law
• Closing Bell: California Legislature Passes Numerous CCPA Amendments and Other Privacy Bills on Final Day of 2019 Session
• Effort to Exempt ‘HR Data’ From CCPA Falters
• CCPA Amendments: Expanded Private Right of Action Blocked; Exclusion of HR Data Advances
• Notes From First CCPA Public Forum in San Francisco