What is the California Privacy Rights and Enforcement Act?

What is the California Privacy Rights and Enforcement Act?

The California Privacy Rights and Enforcement Act of 2020, also known as Proposition 24, provides California residents with legislation aimed at protecting the privacy of consumers by giving them greater control over businesses and corporations’ use of their personal information. More specifically. The CCPA grants California residents the rights to:

While a previous California Privacy Rights Act or CCPA was passed in 2019, the 2020 legislation or CCPA 2.0 expands on the privacy rights granted to residents of the state. Speaking generally, the CCPA 2.0 amends the CCPA by heightening privacy protections, expanding the reach and scope of consumer rights laws, and establishing an enforcement agency to identify and act upon threats relating to consumer privacy through enforcement of the law. More particularly, improvements implemented with the CCPA 2.0 include:

The California Privacy Protection Agency is tasked with vigorously enforcing the privacy rights of California residents by means of law enforcement. Moreover, the agency is comprised of appointed experts in privacy, consumer rights, and technology, and provides guidance to both businesses and consumers concerning the navigation of California privacy laws. Furthermore, the agency has the authority to investigate suspected violations of privacy laws, issue administrative fines and injunctions, and bring a civil action against alleged violators.

Who must comply with the CCPA?

The CCPA does not solely apply to businesses physically located within the state of California, as all businesses that impact California residents are forced to maintain CCPA compliance at all times. Under the CCPA, a business is defined to include any legal entity that engages in any of the following actions:

As such, the CCPA is geared primarily towards large data brokers, social networks, and data brokers. Conversely, small businesses or medium-sized businesses, non-profits, and individuals who engage in financial transactions with California residents will not meet the criteria stated above, and subsequently are exempt from maintaining compliance with the CCPA.

What are businesses’ obligations under the California Privacy Protection Act of 2020?

Under CCPA 2.0, obligations that businesses must adhere to include setting forth responsibilities that essentially function as privacy principles such as data security, purpose and storage limitations, and transparency. More specific responsibilities include:

Ultimately, it is up to both businesses and consumers to work together to ensure that personal and sensitive information is safeguarded at all times. While it is important that businesses respect the privacy rights of California residents, it is also imperative that consumers understand what their rights are and how to exercise them. What’s more, as the state of California continues to improve upon legislation as was the case with the CCPA 2.0, consumers must stay on top of these changes and the impact that they will have on their digital interactions in the future. As time goes on, more and more personal information will continue to be shared on the internet through various platforms, and no amount of legal precedent or legislation will ever be able to fully combat those who are looking to use this information for dubious purposes.

Related Reads