On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot. This version of the CPRA, commonly referred to as “CCPA 2.0”, would amend the CCPA to create new and additional privacy rights and obligations. Specifically, it would:
- Sensitive Personal Information. Establish a new category of “sensitive personal information” to which new consumer privacy rights would apply. This category would be defined to include: Social Security Number, driver’s license number, passport number, financial account information, precise geolocation, race, ethnicity, religion, union membership, personal communications, genetic data, biometric or health information, and information about sex life or sexual orientation
- Right to Correction. Grant consumers the right to request correction of inaccurate personal information held by a business.
- Increased Fines and New Opt-In for Children’s Data. Triple fines for violating the CCPA’s existing right to opt-in to sales and would create a new requirement to obtain opt-in consent to sell or share data from consumers under the age of 16.
- Clarify Data Breach Liability. Amend the data breach liability provision to clarify that breaches resulting in the compromise of a consumer’s email address in combination with a password or security question and answer that would permit access to the consumer’s account are subject to the relevant provision.
- Enforcement. Establish the California Privacy Protection Agency to enforce the law, instead of the California Attorney General’s Office.
To view the announcement, click here.
To view the proposed CPRA, click here.