On Election Day in California, voters will not only be determining choices among candidates standing for election, but they will also be deciding the fate of Proposition 24, referred to as the California Privacy Rights Act (CPRA).  Proposition 24 is intended to build upon the California Consumer Privacy Act (CCPA) that came into force at the beginning of 2020. Among other things, the CPRA would create a California Privacy Protection Agency, a new regulatory agency that would ultimately take over privacy enforcement responsibility from the Office of the California Attorney General.

Among the areas that would be affected by the CPRA would be a clear ban on discrimination against anyone choosing to ask a company to delete their information and opt-out of marketing communications, stronger rights to prevent data sharing by companies (e.g., cross-context behavioral advertising), clearer mechanisms to enable consumers to correct information that is not accurate and a requirement that companies tell consumers how long they plan to retain the information.

Proposition 24 would also legitimize marketing and promotional schemes that offer consumers a discount or access to benefits in exchange for voluntarily disclosing personally identifiable information (e.g., in the context of rewards or loyalty programs).  Privacy and data protection proponents and opponents have long debated whether consumers should have an option to pay for privacy – viewed as a logical consequence of offering benefits in exchange for information that can be used for marketing and promotional purposes.

Since the CCPA came into force, companies have already been scrambling to comply.  If Proposition 24 passes and CCPA 2.0 comes into force, companies will again have to review and likely revamp their policies and practices to deal with the added new compliance obligations. Just as significantly, a separate California Consumer Privacy Agency would likely end up brining many more enforcement actions since protecting the privacy rights of California consumers will be its only mission.  Proponents of Proposition 24 say that may well be a good thing for California consumers, but they also argue that an agency solely focused on data protection will also mean more clarity, consistency and guidance surrounding some of the nuances of the California requirements.

Stay tuned. Election day is only a week away.