October 24, 2020

Volume X, Number 298


October 23, 2020

Subscribe to Latest Legal News and Analysis

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

CPRA Proponents Submit Over 900,000 Signatures for Ballot Initiative

On Monday, May 4, 2020, Californians for Consumer Privacy – the organization behind the ballot initiative that was the genesis of the California Consumer Privacy Act of 2018 (CCPA) – announced that it is submitting signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot. According to the announcement, “well over 900,000 signatures” will be submitted in counties across the state over the next several days.

The CPRA would give consumers additional rights and impose new obligations on organizations. Some of the most striking provisions of the CPRA include:

  1. Creating new rights over the use of “sensitive personal information” (defined to include data such as finances, health and exact location) by businesses.

  2. Increasing safeguards for children’s privacy by tripling the existing CCPA fines for collecting and selling children’s private information.

  3. Establishing a new authority to protect these rights, the California Privacy Protection Agency.

According to the announcement, recent polling by Goodwin Simon Strategic Research shows 88% of Californians are supportive of initiatives designed to provide control of personal information, and establishing protections in regards to how children’s data is used and would vote YES to support a ballot measure expanding privacy protections for personal information.

The process to qualify an initiative in California is complex and, depending on the percent of invalidated signatures, may lead to disqualification of the initiative.  Because the number of signatures that the proponents announced they will file is above the minimum needed, the Secretary of State will order county elections officials for every county receiving signatures to proceed with a validation by random sample. County officials will then report the totals validated for the respective samples to the Secretary of State, who will apply a formula to determine the projected number of statewide total valid signatures. If that number falls above 110% of the needed signatures, the ballot will automatically qualify. Conversely, if it falls below 95%, the initiative will be disqualified. If, the number falls between 95% and 110%, a full check of all of the signatures will take place, which will prolong the process.

Ultimately, if the Secretary of State makes the determination that Californians for Consumer Privacy submitted enough valid signatures, we will see CPRA in the California ballot in November. If the possible inclusion of the CPRA on the ballot in November leads to negotiations with legislators in Sacramento, the proponents may withdraw the initiative any time prior to the 131st day before the next statewide general election.

In sum, if the CPRA goes through the signature validation process without surprises, and the proponents have not withdrawn it prior to June 25, 2020, Californians will vote on the CPRA in November.

In the meanwhile, as we highlighted in a prior post, despite the request for a delay made by five leading advertising and marketing trade associations, the California Attorney General has announced that enforcement of CCPA is imminent. Therefore, organizations should plan accordingly and bear in mind that the existing carve-outs for employee data and business to business communications may expire at the end of 2020.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 128



About this Author

Lauren Kitces Data Privacy & Cybersecurity Attorney Squire Patton Boggs Washington DC

Lauren Kitces is a member of our Data Privacy & Cybersecurity Practice, where she provides business-oriented privacy and cybersecurity advice to a wide range of clients, leveraging her in-house experience to provide mindful guidance. She has strong international experience, which she uses to help translate pre-existing international efforts into US regulatory compliance. Lauren enjoys the nuance and complexities that come with being in a field that is still evolving and forming both nationally and internationally.

Lauren utilizes her analytical thought-process and over 10 years...

Lydia de la Torre Data Privacy & Cybersecurity Attorney Squire Patton Boggs Palo Alto, CA
Of Counsel

Lydia de la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other state’s privacy and cyber laws, US financial privacy laws, and marketing and advertising compliance, as well as information security. She also represents clients in investigations with an eye toward helping them avoid litigation.

Lydia’s work in-house and with organizations has run the gamut, from pre-IPO start-ups to mature Fortune 500 companies, in a multitude of industries, including e-commerce, fintech and computer hardware. This experience has provided her with a direct understanding of client concerns.

Before joining the firm, Lydia served as co-director of the Santa Clara Law School Data Privacy Certificate Program, where she continues to teach privacy law.

Lydia is a frequently invited speaker on privacy-related topics, such as the freedom of speech implications of privacy laws, ethics and privacy, the application of privacy laws to blockchain technology, financial privacy laws and the CCPA. She is also a prolific writer and has been published in a variety of outlets, from mainstream media to privacy and legal publications. She is the editor of Golden Data, a Medium publication focused on data laws.

Lydia is a member of the California Lawyers Association’s Antitrust and Privacy Section and an adjunct professor at Santa Clara Law School.