California is imposing tough new rules on processing the data of anyone under the age of 18, with the potential to affect businesses that don't target younger consumers.
Passed by voters in 2020, the California Privacy Rights Act (CPRA) made significant changes to the state’s existing privacy law, the California Consumer Privacy Act (CCPA). The CPRA includes several new privacy obligations, and helps bring the law closer in line with its European counterpart, the General Data Protection Regulation.
Businesses that are required to comply with the CPRA were given two years to bring their operations into compliance, but the law’s effective date and enforcement date are fast approaching.
The CPRA has two very important dates: the date when it goes into effect and the date when it becomes enforceable.
The CPRA goes into effect on January 1, 2023. On that day, it replaces the prior version of the CCPA, and businesses that don’t follow its requirements will be out of compliance.
However, in order to ease the transition for businesses, the new provisions of the CPRA do not become enforceable until July 1, 2023. This means that, even if they are non-compliant, businesses cannot be subject to fines or injunctions with regard to the new requirements. This date is also significant because it is when the newly created California Privacy Protection Agency (CPPA) will take over enforcement duties from the Attorney General’s office.
The six-month delay in enforcement should not lull businesses into a false sense of complacency, because the old requirements of the CCPA are still enforceable. The California Attorney General can impose fines for non-compliance, and has already done so. Businesses therefore should not treat this as a free grace period to ignore CCPA compliance altogether, but instead should be working as quickly as possible to incorporate the new privacy requirements, some of which are quite substantial.
There are a few reasons for this:
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.