As Final Calif. Privacy Regs Drop, Enforcement Fights Loom

Privacy Partner Ashley Shively was quoted in a Law360 article about the lack of clarity regarding key terms in the California Consumer Privacy Act (CCPA). The California attorney general declined to clarify several key ambiguities in his final rules for implementing the state's landmark privacy law, leaving businesses bracing for enforcement battles and putting the spotlight on a likely ballot initiative that is poised to further complicate matters. The proposed ballot initiative, the California Privacy Rights Act (CPRA), would expand the CCPA in a number of ways. Between the coronavirus pandemic and the significant lift required for companies to prepare for the July 1 enforcement deadline, the CPRA has largely flown under the radar for many companies, although that's likely to soon change. Many companies appear hesitant to invest heavily in implementing the draft CCPA regulations that are available, due to factors including the still-evolving nature of the rules and the potential for a federal law that could preempt California's requirements. But with the coronavirus pandemic stalling most lawmaking efforts and the regulations essentially finalized, these efforts are likely to become even more of a priority for companies.

"With the enforcement deadline coming up, there's an urgency again that will need to be balanced with emergent pandemic-related issues, including the privacy issues that are going to come up in connection with reopening companies in the coming months," Ms. Shively said. "It's going to be a struggle for everyone."

READ: As Final Calif. Privacy Regs Drop, Enforcement Fights Loom