May 11, 2021

Volume XI, Number 131


May 10, 2021

Subscribe to Latest Legal News and Analysis

CCPA 2.0 Has Enough Signatures to Qualify for November 2020 Ballot

On May 4, 2020 the Californians for Consumer Privacy announced in a letter that it had met the 900,000-signature threshold to qualify the Consumer Privacy Rights Act (CPRA) for California’s November 2020 ballot. If the required number of signatures are verified, which will be decided by June 25, CPRA will be on the November ballot. The CPRA is often referred to as CCPA 2.0 and would create a number of new and additional privacy rights and obligations for California consumers. Some of the notable provisions are as follows:

  1. Consumers would have the right to opt-in to the use of sensitive data in sharp contrast from the CCPA, which provides a sale opt-out right. The definition of sensitive personal information would also be amended to include information about health, finances and a consumer’s precise geolocation.

  2. Consumers would have the right to opt out of advertisers using their precise geolocation (less than one-third of a mile).

  3. California residents would have the right to request that a business correct personal information that is inaccurate. This is similar to the right of rectification under the Global Data Protection Regime.

  4. The private right of action would be broadened to include breaches of personal information that include a California resident’s email address in combination with a password or security question/answer if that information results from the failure to maintain adequate security procedures and practices.

In addition to including these novel privacy rights, the CPRA would also limit the legislature from amending the bill in a way that limits its scope and would create a new enforcement agency called the California Privacy Protection Agency (Agency). The Agency would be charged with implementing and enforcing consumer privacy laws. Its broad mandate would include enacting additional rules under the CPRA by 2022, conducting audits and hearings, and undertaking public education efforts to be funded by the fines collected and placed within a privacy protection fund.

Hal Lenox and Harry Lightsey, principals with Hawksbill Advisors, contributed to this article. Hawksbill Advisors possess decades of experience in local, state, federal and global government affairs and international relations. Learn more at

© 2021 Varnum LLPNational Law Review, Volume X, Number 134



About this Author

Jeffrey M. Stefan II Auto and Emerging Technology Attorney Varnum Law Firm

Jeffrey is a technology-focused corporate attorney with broad legal authority in autonomous and connected vehicles. He previously served as autonomous vehicle counsel for a major global automaker providing regulatory counsel and transactional support. Prior to that role, he supported the automaker's emerging technology portfolio, which included connected vehicle services and other advanced safety technologies.

Jeffrey helps his clients navigate the evolving legal and public policy landscape for new and emerging technologies. He additionally focuses on technology startups assisting...

Charumati Ganesh Data Privacy Attorney Varnum

Charu holds a CIPP/US certification and focuses her legal practice on Data Privacy and Cybersecurity. Charu represents clients in a number of industries, including autonomous and connected vehicles and the consumer data marketplace. Charu is able to skillfully navigate the intricacies of the rapidly-evolving data privacy and cybersecurity regulatory landscape and help her clients develop policies and procedures that comply with both international and domestic privacy laws.

Charu has represented clients in the insurance, manufacturing and agricultural industries through regulatory...