On Monday, May 4, 2020, Californians for Consumer Privacy – the organization behind the ballot initiative that was the genesis of the California Consumer Privacy Act of 2018 (CCPA) – announced that it is submitting signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot. According to the announcement, “well over 900,000 signatures” will be submitted in counties across the state over the next several days.

The CPRA would give consumers additional rights and impose new obligations on organizations. Some of the most striking provisions of the CPRA include:

  1. Creating new rights over the use of “sensitive personal information” (defined to include data such as finances, health and exact location) by businesses.
  2. Increasing safeguards for children’s privacy by tripling the existing CCPA fines for collecting and selling children’s private information.
  3. Establishing a new authority to protect these rights, the California Privacy Protection Agency.

According to the announcement, recent polling by Goodwin Simon Strategic Research shows 88% of Californians are supportive of initiatives designed to provide control of personal information, and establishing protections in regards to how children’s data is used and would vote YES to support a ballot measure expanding privacy protections for personal information.

The process to qualify an initiative in California is complex and, depending on the percent of invalidated signatures, may lead to disqualification of the initiative.  Because the number of signatures that the proponents announced they will file is above the minimum needed, the Secretary of State will order county elections officials for every county receiving signatures to proceed with a validation by random sample. County officials will then report the totals validated for the respective samples to the Secretary of State, who will apply a formula to determine the projected number of statewide total valid signatures. If that number falls above 110% of the needed signatures, the ballot will automatically qualify. Conversely, if it falls below 95%, the initiative will be disqualified. If, the number falls between 95% and 110%, a full check of all of the signatures will take place, which will prolong the process.

Ultimately, if the Secretary of State makes the determination that Californians for Consumer Privacy submitted enough valid signatures, we will see CPRA in the California ballot in November. If the possible inclusion of the CPRA on the ballot in November leads to negotiations with legislators in Sacramento, the proponents may withdraw the initiative any time prior to the 131st day before the next statewide general election.

In sum, if the CPRA goes through the signature validation process without surprises, and the proponents have not withdrawn it prior to June 25, 2020, Californians will vote on the CPRA in November.

In the meanwhile, as we highlighted in a prior post, despite the request for a delay made by five leading advertising and marketing trade associations, the California Attorney General has announced that enforcement of CCPA is imminent. Therefore, organizations should plan accordingly and bear in mind that the existing carve-outs for employee data and business to business communications may expire at the end of 2020.