The California legislature is considering significant amendments to the California Consumer Privacy Act (CCPA) ahead of the law’s January 1, 2020 implementation date. Of particular note has been the potential for CCPA amendments to expand the private right of action beyond violations of businesses’ duty to implement and maintain reasonable security procedures to instead cover violations of any CCPA right.
Recent developments in the California Assembly and Senate may preview whether California businesses and consumers should expect an expanded private right of action:
On April 10, The CCPA amendments bill (SB 561) introduced by California Senator Hannah-Beth Jackson and sponsored by California Attorney General Xavier Becerra was approved by the California Senate’s Judiciary Committee in a 6-2 vote following a Committee hearing in which the private right of action was debated. The bill is moving forward and will now be considered by the California Senate’s Appropriations Committee. We previously have described SB 561 on our blog.
On April 12, the CCPA amendments bill (AB 1760) introduced by California Assemblymember Buffy Wicks was revised by the California Assembly’s Committee on Privacy and Consumer Protection to remove a provision that would have expanded the CCPA’s private right of action to apply to any CCPA violation. Removing the private right of action was the Committee’s only significant revision to AB 1760, which otherwise envisions significant changes to the CCPA such as requiring opt-in consent for businesses’ sharing of consumer data and significantly expanding consumers’ right to delete data held by businesses.
The removal of the expanded private right of action is significant, and the bill will remain with the Assembly’s Committee for Privacy and Consumer Protection for further consideration.
For additional analyses of the California Consumer Privacy Act and the challenges ahead for companies, read Hogan Lovells’ CCPA blog series.