On June 3, 2025, the California Senate unanimously passed Senate Bill 690 (SB 690), a bill that seeks to add a “commercial business purposes” exception to the California Invasion of Privacy Act (CIPA).
After multiple readings on the Senate floor, SB 690 passed as amended, and will now proceed to the California State Assembly. SB
California Senate Bill 690 (SB 690), introduced by Senator Anna Caballero, is continuing to proceed through the California state legislative process. The proposed bill would amend the California Invasion of Privacy Act (CIPA) by adding an exception to the statute which has the effect of permitting use of tracking technologies for “commercial business purposes.” CIPA
The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming December 8th public meeting, along with a presentation on the regulations. Continue Reading CPPA Considers Next Set of CPRA Regulations Covering Cybersecurity Audits and Risk Assessments
The California Superior Court in Sacramento decided to give businesses in California an early present for the 4th of July. The regulations promulgated by the California Privacy Protection Agency (“CPPA”) back in March will not be enforceable on July 1, 2023. The new enforcement date will be March 29, 2024.
This is a result of the Court finding (account to access required) that it was the intent of the voters to require a 12-month “grace period” for businesses to build out their CCPA compliance programs. As a bit of background, and as we mentioned in our article back in April that you can find here, the California Chamber of Commerce (“the Chamber”) filed suit against the CPPA in March of this year seeking a delay in enforcement. The suit argued that the CCPA regulations passed by the CPPA should only be enforceable only after 12 months from the final promulgation of all the required regulations set out in Proposition 24 and sought injunctive relief to delay CPPA’s enforcement. The Chamber lawsuit was filed the day after the CPPA finalized their regulations across 12 of the 15 areas of the CCPA which rulemaking is required under Proposition 24.Continue Reading California Courts Give an Independence Day Present – CCPA Regulation Enforcement Delayed
The rush for California to get all of the “rules of the road” ready for next year has seemed to cause a bit of confusion with California’s privacy law. Draft regulations were published the same day the Governor signed into law a series of amendments to the underlying law. It is all a bit confusing, However, now that the Governor has signed the last raft of amendments, and the dust has somewhat settled, the question on everyone’s mind is: What changed in the California Consumer Protection Act (“CCPA”)? How does this effect the draft regulations that the Attorney General published?
Fortunately, there are a number of significant changes which help clarify the CCPA, as well as materially change the scope of the CCPA – even if the AG didn’t include some of these changes into the initial draft regulations announced earlier this month. The most impactful changes across industries are as follows:
Business employees
To start off, the issue of employee coverage under the CCPA has been a fractious one. On one hand, business has rightly claimed that the relationship with an employee is not the same as the relationship with a customer. On the other hand, privacy advocates have claimed that employees shouldn’t give up privacy rights just because they are employees.
Continue Reading CCPA Amendments – What did California Actually Do?
Attorney General Becerra’s office posted the long-awaited draft CCPA regulations a little before 2:00 pm (PST) October 10th. It was a bit of a curve ball, to be perfectly honest (considering the final swath of amendments to the CCPA are not even final until Governor Newsom signs them, or on October 13th). Tellingly, the California Administrative Procedure Act requires the California Department of Finance to approve “major regulations” (and they have 30 days to do that) prior to publication. Based on this, it would seem that these regulations were drafted prior to the amendments to the CCPA going through the legislature. This does not seem like an effective way to draft regulations, but hey, no one should tell the AG he shouldn’t jump the gun! They are now out there so, one reviews anyway.
Topping out at a modest 24 pages (the CCPA itself is 19 pages), the regulations are organized into seven articles. We’re directing our comments to the issues that pop out to us initially, and as always, we’ll post further observations as things progress.
Continue Reading And the Wait for CCPA Rules is Over …. Kind Of
Those interested in keeping up with the latest news impacting the California Consumer Privacy Act have been heavily focused on AB 25, and its potential to exclude employees from the scope of the CCPA. In a marathon late-night session, the California Senate Judiciary Committee weighed in July 11 on various bills – including AB 25. An while AB 25 was part of the Committee debate, that amendment may actually make the bill less useful than first intended. Additionally, another bill made it out of committee which has the potential of a far greater impact than anyone seems to be noticing.
Continue Reading CCPA Amendments – Employees and the Loyalty Program Change Nobody is Talking About
Cross-Posted from Carpe Datum Law Blog
Senate Bill 561, which would have generated even greater compliance challenges and litigation risk for businesses, has been held in committee and placed on suspense. This development effectively prevents the bill from advancing for a vote and is a bit of CCPA good news for businesses. It also serves
Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.
Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading And Texas Joins the Privacy Fray – Part 1 (or, the Elephant in the room just got a LOT bigger…)
California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading The California Consumer Privacy Act of 2018: What Businesses Need to Know Now