This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read
Reposted from Taylor English Insights

Court Sides with California Regulator, Makes Privacy Regs Effective Immediately

A California appellate court in February handed a major strategic victory to the California privacy regulator (CPPA), which was created by Proposition 24 in the 2020 election. The regulator had missed – by nine months – the statutory deadline to release proposed regulations implementing the state's updated privacy laws. In order to give businesses time to adjust to the requirements of the proposed regulations, the California Chamber of Commerce sued to stop the effective date of the regs for a year. That would have lined up with the requirements of the original statute, which required draft regs to be published in July 2022 and have them take effect in July 2023.  The appellate court says the agency's rules can take effect immediately, with no waiting period.  

Why It Matters

The appellate court decision came almost a year after the agency finally released draft regulations (which was in March 2023). The timing of the decision is therefore not the most critical issue for businesses that are subject to the law: they have now had almost a year to come into compliance with the proposed regulations. What is worrying, however, is whether the court's action would allow CPPA to issue future regulations and have them take effect immediately or after only a short grace period. Any business subject to the California privacy laws would do well to conduct a periodic privacy checkup with counsel that includes inquiry about any pending or draft regulations in the pipeline that could change compliance requirements.  

The ruling also enables the agency to immediately begin enforcing other future regulations as soon as they're finalized, rather than having to wait a year as the lower court had ordered.

Tags

data security and privacy, hill_mitzi, insights