Voters Approve Amendment to CCPA Law

ccpa law
Print Friendly, PDF & Email

Californians took to the polls last week and decisively voted to approve Proposition 24, the California Privacy Rights Act, an amendment to the recently-enacted California Consumer Privacy Act (“CCPA”). The amendments to CCPA law are expected to strengthen protections to what is already the foremost data privacy law in the Country.

How will the amendments change CCPA law?

The following is a non-exhaustive list of some of the changes that Proposition 24 will introduce to CCPA law:

  • Altering the definition of a “covered business” in ways that are both beneficial to business and ways that are intrusive;
    • The amendment pushes up the threshold of the number of consumers that trigger compliance obligations from 50,000 to 100,000, creating some breathing room for smaller businesses;
    • Includes “sharing” data on the list of restricted activities.
  • Creating a new “Sensitive Personal Information” category, including information that reveals a consumer’s Social Security Number, passport number, and/or driver’s license number, in conjunction with providing consumers with the ability to notify businesses not to use certain categories of information, including information related to health, religion, race, geolocation, and sexual orientation;
  • Providing a right for consumers to request that businesses correct personal information if the consumer finds it to be inaccurate;
  • Expanding CCPA law’s “right to know,” by extending a consumer’s right to request what information is sold to information that is also shared (i.e., released, rented, disclosed, made available, transferred, etc.), even where the information is not shared for monetary or other valuable consideration;
  • Creating a new California governmental body, the Privacy Protection Agency, that will be tasked with promulgating rules to give effect to CCPA law, as well as enforcing the privacy law, a role that currently is assigned to the California Department of Justice; and
  • Tripling the applicable fine amount when violations affect individuals who are younger than 16 years of age.

The CPRA does not become enforceable until 2023.  It also extends the current delay of the CCPA’s application to business-to-business communications and human resources data until 2023.  This should provide affected companies ample opportunity to study the new law’s prospective impact on their businesses and prepare for compliance implementation. 

Compliance with CCPA law

Companies that operate websites must understand the importance of ensuring that their data gathering and sharing practices meet the ever-increasing consumer friendly standards of the CCPA.  Businesses should also anticipate that the CCPA will serve as a model for other jurisdictions, including the federal government, for future data privacy legislation.  In the interim, it is important to keep apprised of all CCPA-related developments, including any regulations issued by the newly constituted Privacy Protection Agency.  As the Privacy Protection Agency is expected to aggressively enforce the law, it is critical to work closely with experienced compliance counsel to ensure that privacy practices and procedures remain compliant with applicable regulations.

If you require assistance with consumer data privacy compliance for your business, please email us at, or call us at (212) 246-0900.

The material contained herein is provided for information purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Photo by Element5 Digital on Unsplash

Similar Blog Posts:

CCPA 2.0 on California’s November Ballot

CCPA Amendment Passes, Creating New HIPAA-related Exceptions

CCPA Opt-Out Changed?

David O. Klein

David O. Klein

David Klein is one of the most recognized attorneys in the telemarketing, technology, Internet marketing, sweepstakes and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Schedule a Call
In The Know

Trending Topics

New York Sweepstakes Law blog- Klein Moynihan Turco

New York Sweepstakes Law: Are You Compliant?

Print Friendly, PDF & Email

In general, a lottery exists when entrants pay for the chance to win a prize. States alone reserve the right to administer lotteries. Businesses can eliminate one element of what would otherwise be an illegal lottery, in order to transform it into a legal promotional game. If the requirement to

TCPA surveys

An Ad or not an Ad: NY Weighs in on TCPA Surveys

Print Friendly, PDF & Email

Another day, another court decision that refines constitutes a Telephone Consumer Protection Act (“TCPA”) unsolicited fax advertisement. A Manhattan-based federal court recently issued a decision that removes faxed invitations to participate in a survey from the TCPA definition of advertisement. In drawing this distinction for TCPA surveys, the Court held

NY sports gambling law- Klein Moynihan Turco

Agreement Reached to Enact NY Sports Gambling Law

Print Friendly, PDF & Email

This week, Governor Andrew Cuomo and the New York State Legislature agreed to a budget deal that will bring mobile sports betting to the State through a unique NY sports gambling law.  Upon the Governor’s signature, NY sports gambling is primed to become the nation’s largest market. However, New York

UK and US Social Media Influencer Laws

UK and US Social Media Influencer Laws

Print Friendly, PDF & Email

In September of 2020, the United Kingdom’s (“UK”) Committee of Advertising Practice (“CAP”) reviewed the Instagram accounts of 122 UK-based social media influencers to determine whether content was being properly flagged as advertising in accordance with applicable social media influencer laws. This past March, the UK Advertising Standards Authority (“ASA”)

Share on facebook
Share on google
Share on twitter
Share on linkedin