California’s CCPA 2.0: Does the US finally have a data privacy Act?
Graham Greenleaf analyses the law against international standards, and its implications for a future US federal data privacy law.
On the day of the US Presidential election, Californians voted to pass Proposition 24, enacting the California Privacy Rights Act of 2020 (CPRA), in order to amend the current California Consumer Privacy Act (CCPA), which took effect earlier in 2020. The new law is known to some as “CCPA 2.0” to indicate it is the combined effect of the CCPA as amended by the CPRA. Citations here are to sections of California’s Civil Code, as amended by the CPRA. It will take effect on 1 January 2023, but will apply to data collected from 1 January 2022, except for the right of access. CCPA 2.0, in its combined effect, is the most ambitious US legislation affecting privacy more broadly than in a specific sector.(1)