The CPRA v. the CCPA Playbook
21 September 2022
Dear clients and friends,
The California Privacy Rights and Enforcement Act (“CPRA“) enters into force on 1 January 2023.
The CPRA amends the current privacy law in California (the California Consumer Privacy Act (“CCPA“)) and introduces various material and procedural changes to the current data privacy compliance standards.
While the CPRA brings the California data protection standards closer to the one companies may be familiar with from the European Data Protection Regulation (“GDPR“), these laws vary in many aspects (see our detailed comparative analysis between these laws and the additional recent privacy laws enacted in a number of US states).
Failing to comply with the provisions of the CPRA can result in fines up to $2,500 for each violation, and up to $7,500 in case the violation is concerning the personal information of a minor under the age of 16. The California Attorney General has already initiated significant enforcement measures against violators of the California privacy laws, and not complying with the CPRA poses a major risk to companies doing business online in California.
Companies that have prepared for the CCPA and addressed the applicable requirements in their data processing activities, will have to review their practices, procedures and policies, and further adjust them to meet the amended CPRA’s requirements.
To assist with understanding the updated requirements, we are pleased to present Herzog’s CCPA v. CPRA Playbook. Our Playbook provides a focused overview of the key changes presented by the CCPA, and the respective practical steps that companies, which have prepared for the CCPA, must take now in order to comply with the updated requirements.
You may also be interested in reviewing some of our additional Technology & eCommerce Regulation in the Spotlight updates from the past weeks. These updates covered notable regulatory and industry compliance developments in a variety of fields, including personal data protection, age-appropriation design regulation, crypto licensing and cyber requirements for product with digital elements.