A California appellate court in February handed a major strategic victory to the California privacy regulator (CPPA), which was created by Proposition 24 in the 2020 election. The regulator had missed – by nine months – the statutory deadline to release proposed regulations implementing the state's updated privacy laws. In order to give businesses time to adjust to the requirements of the proposed regulations, the California Chamber of Commerce sued to stop the effective date of the regs for a year. That would have lined up with the requirements of the original statute, which required draft regs to be published in July 2022 and have them take effect in July 2023. The appellate court says the agency's rules can take effect immediately, with no waiting period.
Why It Matters
The appellate court decision came almost a year after the agency finally released draft regulations (which was in March 2023). The timing of the decision is therefore not the most critical issue for businesses that are subject to the law: they have now had almost a year to come into compliance with the proposed regulations. What is worrying, however, is whether the court's action would allow CPPA to issue future regulations and have them take effect immediately or after only a short grace period. Any business subject to the California privacy laws would do well to conduct a periodic privacy checkup with counsel that includes inquiry about any pending or draft regulations in the pipeline that could change compliance requirements.
Subscribe to Taylor English Insights by topic here.