The California Consumer Privacy Act (CCPA), which took effect at the beginning of this year, protects the privacy of consumers of The Golden State by giving them greater control over businesses’ use of their personal information.

Specifically, the CCPA grants California consumers the rights to:

Despite a set of amendments to the CCPA passed in 2019 and the California Attorney General’s Final Regulations, the coalition at Californians for Consumer Privacy placed the California Privacy Rights and Enforcement Act of 2020 (CPRA), commonly referred to as CCPA 2.0, on the November 2020 ballot to give Californians the opportunity to vote on updated privacy law.

In general, CCPA 2.0 amends the CCPA by expanding consumer rights, heightening privacy protections, and establishing an enforcement agency to protect consumers through vigorous enforcement of the law.

CCPA 2.0: Key Differences with the CCPA

CCPA 2.0 sets forth key differences with the current CCPA.

In particular, CCPA 2.0 would:

CCPA 2.0: Consumer Rights

CCPA 2.0 grants consumers the following rights:

CCPA 2.0: Businesses’ Responsibilities

CCPA 2.0 would place additional obligations on businesses, including setting forth responsibilities that essentially amount to privacy principles, such as transparency, purpose and storage limitations, and data security.

In particular, the law would:

  1. Impose general duties on businesses that collect consumers’ personal information. This includes informing consumers of the collection of their sensitive personal information. The collection, use, retention, and sharing of this personal information must be “reasonably necessary and proportionate” to the purposes of processing and obligating businesses to implement reasonable security measures to protect the confidentiality, integrity, and availability of personal information.
  2. Mandate rules for the notice, disclosure, correction, and deletion requirements.
  3. Specify the methods for limiting the sale, sharing, and use of consumers’ personal and sensitive personal information, such as the provision of a clear and conspicuous link called Limit the Use of My Sensitive Personal Information.

CCPA 2.0: Implementation & Enforcement

The CCPA 2.0 calls for vigorous protection of consumers’ privacy rights.

To that end, it would create the California Privacy Protection Agency to implement and enforce the law. Comprised of appointed experts in privacy, technology, and consumer rights, the agency would provide guidance to businesses and consumers on their responsibilities and rights, respectively.

The agency would also have the authority to investigate alleged violations of the law, bring civil actions against violators, issues injunctions, and levy administrative fines.

In addition, recognizing that CCPA 2.0 must keep pace with changes, the law would require future amendments further the law and privacy protections. Finally, CCPA 2.0 updates the CCPA’s definitions, such as the newly defined “profiling” and “sensitive personal information,”  and revises exemptions.

CCPA 2.0: Timeline and Next Steps

The California Attorney General has issued a notice on the proposed CCPA 2.0.

Currently, CCPA 2.0 is on the November 2020 ballot. Californians will have the opportunity to vote this ballot initiative into law, thereby expanding the CCPA’s consumer safeguards and rights. Notably, on the California November 2020 ballot, the CCPA 2.0 is also called Proposition 24.

Following in California’s footsteps, IllinoisNevadaNew York, and Washington are next in line, with privacy legislation expected to be passed in 2020.

Further reading: 

To learn more about how OneTrust can help your business comply with the CCPA, visit OneTrust for CCPA or request a demo today.