Proposed “California Privacy Rights Act” Explained (with Redline)
By Sundeep Kapur
The California Privacy Rights Act (the “CPRA”) has enough signatures to qualify for inclusion in California’s November 2020 ballot. Though we still await the California AG’s final regulations on the CCPA, the CPRA would build upon the CCPA to impose additional requirements, such as:
Requiring a right of opt-out for “cross-context behavioral advertising,” regardless of whether such activity includes a “sale”;
Requiring a right of opt-out for limiting certain use of “sensitive personal information” (e.g., Social Security Number, driver’s license number, precise geolocation, financial account information);
Allowing consumers to submit requests for “correction” of personal information;
Requiring additional provisions in contracts between (a) businesses and (b) service providers or contractors, such as an obligation of express notice if a service provider or contractor cannot meet its obligations to such businesses; and
Requiring businesses to pass down deletion requests to third parties to whom they have sold personal information.