The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. If voters approve the initiative, the CPRA would significantly expand the California Consumer Privacy Act (CCPA), establish the California Privacy Protection Agency, remove the CCPA's cure period and impose a number of General Data Protection Regulation-style obligations on businesses, among other requirements.
The California attorney general recently submitted the final text of the California Consumer Privacy Act regulations to the California Office of Administrative Law for approval. Although regulations submitted to the Office of Administrative Law in June 2020 ordinarily would not become effective – if approved – until 1 October 2020, the attorney general has requested an expedited review.
The US courts of appeals increasingly agree on how to interpret the definition of 'automatic telephone dialling system' under the Telephone Consumer Protection Act. A unanimous Seventh Circuit panel recently refused to revise a putative class action after concluding that the dialling system used did not qualify as an autodialer. Like recent Eleventh Circuit and Third Circuit decisions, the Seventh Circuit held that an autodialer must use a random or sequential number generator to either store or produce numbers.
The Eleventh Circuit panel recently released a landmark ruling in Glasser v Hilton Grand Vacations Company, LLC. The key issue was how to interpret ambiguous language in the Telephone Consumer Protection Act's (TCPA's) definition of an 'automatic telephone dialling system'. In recent years, imprecise statutory phrasing and the Federal Communication Commission's liberal reading of the legislative history has empowered plaintiffs to assert TCPA claims based on a wide array of calling systems.
The Washington Privacy Act (WPA) gained significant traction in the legislature in 2019, passing the state Senate almost unanimously, but ultimately failing in the state House of Representatives due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on 31 July 2021.
California Governor Gavin Newsom recently signed the Consumer Call Protection Act 2019 to address the rise in deceptive robocalls and protect consumers from fraudulent calls. The act requires telecoms service providers to implement secure telephony identity revisited (STIR) and secure handling of asserted information using tokens (SHAKEN) protocols by 1 January 2021 and is the latest in a series of ongoing efforts to promote STIR/SHAKEN or similar call authentication frameworks.
The California attorney general recently released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The attorney general also released a notice of proposed rulemaking and an initial statement of reasons that provide drafting insights and outline considerations that will likely continue to guide the rulemaking process. The proposed regulations provide clarifications for businesses and consumers in five key CCPA areas, including privacy notice requirements.
The California legislature recently debated several amendments to the California Consumer Privacy Act, eventually passing five bills which now await the governor's signature. Collectively, these bills do not provide the sweeping changes sought by businesses. Instead, the amendments make minor tweaks and postpone for one year some of the more challenging requirements. The passed bills address a range of topics, including providing for a partial, temporary one-year exception for applicant and employee data.
In a long-awaited decision, the Supreme Court was expected to provide greater clarity on the extent to which litigants can challenge the Federal Communications Commission's Telephone Consumer Protection Act interpretations in private litigation. However, instead of deciding that issue, the court vacated the Fourth Circuit's ruling and remanded the case for further development.
Senate Bill 220 was recently signed into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. However, the new privacy law is significantly narrower than the California Consumer Privacy Act (CCPA). For example, it applies only to online activities, defines 'consumer' and 'sale' more narrowly and includes broad exceptions for financial institutions subject to the Gramm-Leach-Bliley Act.
Several legislative proposals seeking to amend the California Consumer Privacy Act are moving forward following a recent hearing before the California Assembly's Committee on Privacy and Consumer Protection in which the bills were approved. The bills will advance to the assembly's Appropriations Committee before being voted on by the full assembly and potentially advancing to the California State Senate for consideration.