The California Privacy Rights Act (CPRA) is a new ballot initiative that is very likely to find itself in front of voters this November. If passed, the CPRA will strengthen and extend the scope of the current California Consumer Privacy Act (CCPA).
Since most technology companies operate on a global basis at this point, they will end up triggering thresholds for data collection of California residents to make the CCPA and CPRA applicable. Further, the CPRA was clearly written with the General Data Protection Regulation (GDPR) in mind, and represents a growing international movement to extend GDPR principles. GDPR set the standard for privacy as a human right and good privacy governance as a legal obligation for companies.
While the CPRA is NOT law at this point, the current state of the ballot process in California makes it very likely that the CPRA will become law, and will be enforceable by 2023. The ballot advocates just need to have their signatures confirmed (likely) and then have their ballot approved by California voters (very likely).
To help you think about the CPRA in context with its peers, we’ve put together a handy comparison table.
We hope you find this useful. If you have questions about how the CPRA would effect your business, or how to proceed with a coherent global privacy program in light of all these requirements, the folks at Lucid are here to help.
If you found this piece valuable, please give us a few hearty claps and follow us for ongoing updates. We also welcome discussion — please leave your comments and feedback in a response below!
The Lucid Privacy Group actively manages privacy strategy and operations and serves as DPO for startups and rapidly scaling technology companies. We come at the issues with a pro-privacy, product and technology orientation, and can translate arcane legalese into real world, pragmatic terms. Drop us a line at firstname.lastname@example.org or visit us on the web or Twitter.