On May 4, 2020 Alastair Mactaggart and the Californians for Consumer Privacy made a post on Twitter that caught many in the Privacy space by surprise – they had secured enough signatures to qualify the California Privacy Rights Act (CPRA or CCPA 2.0) for the November 2020 ballot. Many thought the group would likely struggle to get the 675,000 signatures required to make the ballot given the current global health crisis, however, Mactaggart said they had collected 900,000 signatures in total.  

According to its creators, the goal of the CPRA is to address certain limitations within the CCPA that the backers found could be improved. The CPRA would create several amendments to the CCPA as we know it currently, including adding new consumer rights and updating definitions. It would also change the threshold to qualify as a business; the requirement for consumer data bought, sold, collected, or shared would be increased from 50,000 to 100,000. Additionally, the CPRA includes a proposal for a new California regulatory body that would be responsible for enforcing privacy regulations in the state. It would also extend the current exceptions for business to business information and employee information to January 1, 2023.  

The next step to get the CPRA on the November 2020 ballot is for officials to count and ensure that there are at least 675,000 valid signatures from registered California voters. This needs to be completed by June 25, 2020 to appear on the ballot. If the CPRA is passed, which early polling suggests is very likely, it would take effect on January 1, 2023.  
The new issue of  Data Protection Leader from OneTrust DataGuidance is now available to download with insight and discussion from leading privacy professionals around the most pressing developments in the privacy landscape. Discover key takeaways from recent webinars as well as interviews with regulators and thought leaders. 

“As our liberties and our lives as we knew them are put on hold, there is a troubling question that is becoming more pressing by the day: will privacy be one of COVID-19’s victims? Fortunately, the evidence is robust: Unlikely.” – Eduardo Ustaran, Hogan Lovells. (Page 4) 


This month’s issue features in-depth articles from Eduardo Ustaran, Partner at Hogan Lovells, who discusses the impact of COVID-19 on the data protection compliance of organisations and governments; Felipe  Palhares, Partner at  Palhares  Advogados, who looks at the postponement to the LGPD; and Stuart  Beraha  and Takaki Sato from Latham & Watkins, who discuss the legal framework governing personal data transferred from the UK to Japan.  


“While postponing the LGPD could be helpful for companies and public bodies that have not started their path towards compliance, it will surely be harmful for Brazil.” – Felipe Palhares, Palhares Advocatos. (Page 12) 


As part of the ‘Regulator Spotlight’ series, OneTrust DataGuidance interviewed  Professor Joe  Cannataci, United Nations Special Rapporteur on the Right to Privacy; as well as meeting with  Petruta  Pirvan, Global Data Privacy Compliance Manager at A.P. Moller-Maersk, as part of the ‘Thought Leaders In Privacy’ series.   


“People’s reflections on the right to privacy, which is so universal, and the way they react to it, tend to be quite different as you go from country to country” – Joe Cannataci, United Nations Special Rapporteur on the Right to Privacy. (Page 16) 

Visit OneTrust DataGuidance to download the full version of Data Protection Leader and discover additional editorials looking at the implications of Brexit; breach notification in Australia, the EU and California; and much more.   
For more information on the CPRA, download the webinar California Privacy Rights Act (CCPA 2.0): Everything You Need to Know

To read the full text of the CPRA, click here.   

OneTrust is the industry leader in privacy management software. To learn how we can help your business comply with the CCPA, visit Onetrust.com/CCPA-Compliance