By Scott Hall and Amber Leong
Despite (or possibly in reaction to) the recent court decision halting the enforcement of the regulations for the Consumer Privacy Rights Act (“CPRA”) by nine months, California regulatory authorities have made clear that they are still full speed ahead on privacy.
Immediately after the recent court decision on June 30, 2023, the California Attorney General’s Office issued a press release that it had sent notices to certain California employers regarding their compliance efforts in connection with employee privacy rights. Subsequently, the California Privacy Protection Agency (“CPPA”) released a statement on July 31, 2023 announcing its intent to review automakers’ data privacy practices for any “connected vehicle[s]” given these vehicles’ ability collect information “via built-in apps, sensors, and cameras, which can monitor people both inside and near the vehicle.” A few days later, on August 4, 2023, California Attorney General Rob Bonta and the CPPA filed a petition seeking to overturn the June 30, 2023 trial court decision delaying enforcement of the CPRA regulations.
Thus, in what has been a very busy past few weeks, California has clearly signaled its intent and willingness to move forward with the enforcement of privacy rights of California residents under the CPRA (which remains in effect despite the halt of regulations by court order). If companies have not already done so – they should, as soon as possible, assess whether they are subject to the CPRA, and if so, work with their legal teams to ensure their data collection practices, privacy policies, service provider agreements, and mechanisms to process consumer requests are all in place. Companies should also closely review areas of privacy that have been identified as enforcement priorities by regulators, including employee privacy rights, selling and sharing of consumer data, and connected vehicle data collection. California has shown it is not afraid to dole out fines in the millions. And with a new, dedicated California Privacy Protection Agency, in addition to the AG’s office, Federal Trade Commission, and other privacy enforcers, we can be sure to see a continued focus on privacy enforcement. If you have any questions or concerns, please do not hesitate to contact the Coblentz Data Privacy & Cybersecurity team.