On May 4th, 2020, Californians for Consumer Privacy confirmed that they had submitted hundreds of thousands more signatures than required to qualify for a ballot initiative. It is still yet unknown whether the Attorney General will qualify the ballot for the November 2020 election, let alone whether it would pass. If the initiative passes, it will be noteworthy for a number of reasons.

  • Effect on Other Legislation.
    • CCPA.Over the course of 2018 and several periods of intense negotiations during 2019, California passed and significantly amended the novel California Consumer Privacy Act (“CCPA”). Widely known as the first omnibus privacy state legislation of its kind in the United States, consumers and industry advocates alike worked hard to prepare for the CCPA in the lead up to its January 1, 2020 effective date. Companies overhauled their privacy policies, revamped their contract templates, and designed new systems with the goal of complying with this legislation. If the ballot initiative appears on the November ballot, and if it passes, companies will have to reconsider and likely augment the privacy programs that they just built. Some of the new features of the ballot initiative include a new correction right, a new agency to enforce privacy law in California, as well as a clarification that protecting security and preventing fraud and illegal activity is a business purpose.
    • Personnel privacy rights. Unless extended, partial exemptions under the CCPA for employees’ and business-to-business data are scheduled to expire at the end of 2020. The ballot initiative would provide a two-year extension of the employee and business-to-business data exemptions.
    • Amending the ballot initiative. The bill can only be amended if the amendments further the intent and purpose of the ballot initiative, which significantly limits the potential for legislative change.
  • Creating Inefficiencies with Federal Privacy Law. Several of the ballot initiative’s new provisions apply to newly defined sensitive personal information. However, this same data already is regulated by federal agencies and laws (such as protected health information regulated under the Health Insurance Portability And Accountability Act), and the ballot initiative doesn’t change the CCPA’s existing exemptions.
  • The Silver Lining: Congress. If the ballot initiative passes, businesses will likely will need to augment the privacy programs recently established to comply with the CCPA. These efforts may take place alongside other state legislatures’ attempts to pass privacy legislation, and could create a complex regime of multiple states enacting different privacy laws.  The 2023 effective date for the ballot initiative would provide Congress a defined window of time to intervene and preempt an emerging patchwork system of privacy laws.  That said, it is not clear that Congress would act in a sufficiently timely way to avoid the need for companies to expend significant energy operationalizing the ballot initiative.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.