This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

California Chamber Seeks State Supreme Court Review of Privacy Act Enforcement

The California Chamber of Commerce filed a petition to the California Supreme Court on February 20, 2024, seeking review of a February 9, 2024 appellate decision that paved the way for the state’s privacy enforcement agency, the California Privacy Protection Agency (CPPA), to start enforcing the California Privacy Rights Act’s updated regulations immediately.

The CPPA filed the appeal after the trial court put enforcement of these regulations on hold until March 29, 2024. Last year, a Sacramento trial court held that the additional time was necessary because the CPPA had missed the deadline to adopt its final regulations by more than eight months, and the voters who passed CCPA did not intend to give businesses less than a year to comply.

The appellate court, however, disagreed, finding that “there is no ‘explicit and forceful language’ ” in the ballot initiative by which CPRA was passed, Proposition 24, that would require any such enforcement delay. The Chamber’s petition to the California Supreme Court argues, among other things, that “explicit and forceful language” is a new standard courts have never previously applied when asked to enforce statutes that link enforcement dates to the timing of regulatory guidance.

While the CPPA has been publicly quiet on its enforcement efforts since announcing its review into the data privacy practices of connected vehicle manufacturers and related technologies in August last year, Michael Macko, the CPPA’s Deputy Director of Enforcement, stated about the appellate court decision that the “decision should serve as an important reminder to the regulated community: now would be a good time to review your privacy practices to ensure full compliance with all of our regulations.”

We will continue to monitor the petition’s outcome and the CPPA’s response. Given the CPPA’s suggestion of immediate enforcement, covered businesses that have not yet familiarized themselves with these new regulations should carefully review them and take immediate steps toward compliance.

Tags

cybersecurity bits and bytes, blogs