Monday, 23 December 2024

California Privacy Rights Act is Passed – The Significant Changes

California voters had approved Proposition 24, the California Privacy Rights Act, with 56% of voters supporting the measure, in November 2020. EPIC previously published an analysis of Proposition 24, noting that the measure “would make some important improvements to privacy protections for California residents, particularly through the establishment of a California Privacy Protection Agency.” In 2018, the State of California enacted the California Consumer Privacy Act of 2018 (“CCPA”), the first comprehensive consumer privacy law enacted in the United States. Proposition 24 significantly changes the CCPA. EPIC has also published a resource to help California residents exercise their rights under the CCPA.

The Significant Changes

CPRA advocates believe the law will not only strengthen consumer rights under the existing CCPA but also help drive the push for national data privacy standards. Significant changes include:

  1. Expanded consumer rights 

It also expands on three existing rights:

  • Right of deletion: Service providers, contractors, and third parties will be required to cooperate with businesses’ requests to delete personal information.
  • Right to know: The CPRA expands the consumer’s right to know what personal information has been collected, as well as the duration of its data retention.
  • Right to opt-out: The CPRA strengthens an individual’s right to opt-out of sharing personal information for cross-contextual behavioral advertising.
  1. Expansion of private right of action

Under the CPRA, a consumer will be able to bring claims against a company for unauthorized access to or disclosure of an email address and password. Consumers can also take action against a company if a security question and answer that permits access to the consumer’s account is disclosed, leading to exposure of user data.

The Future

While there is no way to predict how the CPRA will evolve over time, one trend we are seeing is the move toward more stringent privacy laws. To be prepared, security and business leaders should continually be proactive about their cybersecurity and privacy programs so they can react agilely to changes and help deflect risks.

Direct Publication Source: https://epic.org/california-voters-pass-california-privacy-rights-act/

Comments


You May Like These Too


Get Latest Updates