TAG Cyber Law Journal: 10 Questions About California’s Newest Privacy Law

November 17, 2020

O’Melveny special counsel Scott Pink participated in a Q&A with Tag Cyber Law Journal about California’s recently approved California Privacy Rights Act (CPRA), the new California Privacy Protection Agency the Act will establish, and what distinguishes the CPRA from the California Consumer Protection Act (CCPA).

When asked for his thoughts on the most important provisions of the CPRA and how it differs from the CCPA, Pink highlighted “[t]he creation of a data protection agency, the expansion of the opt-out right to ‘sharing’ and cross-contextual advertising, the increased rights to control use of sensitive personal information, and the expansion of the publicly available information exception.” Additionally, the new regulating agency established under the CPRA won’t entirely replace the California Attorney General’s office as the enforcer of privacy laws. “The attorney general will retain the right to bring civil actions for civil penalties, unless the agency has already issued an administrative decision or order against the same person or company,” he noted.

While the CPRA will not be fully in place until Jan. 1, 2023, many businesses will have to prepare for some provisions to go into effect as early as January 1, 2021. “It depends on the particular company and what data it collects,” Pink said of how he is advising clients to comply with these new measures. “One area of particular focus are new opt-outs of sharing and cross-contextual advertising.”

Pink also noted that he expects the new law will influence other states that have been considering drafting their own privacy laws.

Read the full interview here.