On May 4, 2020, the Californians for Consumer Privacy Rights group reported the collection of over 900,000 signatures to qualify the proposed California Consumer Privacy Rights Act (CPRA) for the November 2020 ballot. If the CPRA is ultimately approved, it will amend the California Consumer Privacy Act (CCPA) to add and expand privacy rights and obligations to California consumers. The following are some noteworthy provisions:
- Creation of a new category of “sensitive personal information.” Sensitive personal information includes Social Security Numbers, driver’s license numbers, financial account information, precise geolocation, and biometric information. The CPRA would place limits on the use and sharing of “sensitive personal information” and give Californians the right to prevent businesses from using this type of information.
- Establishment of an Enforcement Arm. Currently, the California Attorney General enforces the CCPA. The CPRA would establish the California Privacy Protection Agency to protect consumers’ rights.
- Creation of a New Privacy Right of Action. The CPRA would provide a private right of action for a breach of an email address in combination with a password and security question/answer permitting access to a California consumer’s email account.
- A Right to Correction. California consumers would be given the right to request a business correct any inaccurate personal information.
- Enhancement of Children’s Data. The CPRA would triple the current CCPA fines for collecting and selling children’s data.
The next step will be to verify these 900,000 signatures. Once this is complete, the CPRA will be eligible to appear on the November ballot and will automatically appear on the ballot unless the Californians for Consumer Privacy Rights group withdraws its initiative.