SNCJ Deep Dive : CA Releases CPRA Data Privacy Draft Rules
In today’s show, we discuss the draft rules California regulators released in May in advance of the state’s latest privacy law – the California Privacy Rights Act – going into effect next January. To get a handle on what those highly anticipated draft rules did and did not contain and what happens now, we are joined by reporter Joseph Duball, who covers all things data privacy for the International Association of Privacy Professionals.
The Basics: A growing number of states have adopted their own data privacy laws similar to the EU’s General Data Protection Regulation, or GDPR. First and foremost among them has been California, which adopted the CA Consumer Protection Act (CCPA), which lawmakers approved in 2018 and which went into effect in 2020. Voters subsequently approved a follow up ballot measure (Prop 24) later that year which enshrines even more protections into the state’s privacy law, including the creation of a dedicated state agency to implement and enforce those laws.
The new law, the CA Privacy Rights Act, goes into effect in January, 2023 and begins enforcement in July. To that end, regulators on June 8th released their initial set of proposed CPRA rules. These are NOT the final rules by any means, but they are a significant step toward what will eventually be the most stringent state data privacy standard in the U.S.