This article was updated Wednesday, May 20, 2020, to reflect changes in number of signatures.
On May 14, California Secretary of State Alex Padilla announced that the Californians for Consumer Privacy effort to qualify the California Privacy Rights Act initiative for the November ballot has met its first threshold. The raw number of signatures filed exceeded prima facie the 623,212 number required for the CPRA to qualify for the ballot. More on this can be found here.
Padilla ordered county officials to begin the process of verifying signatures selected from random samples. In counties where at least 500 signatures were obtained, 3% of signatures in the random sample must be verified to include the signatures obtained. In counties where less than 500 signatures were obtained, all signatures must be verified.
Seven counties reported receiving fewer than 500 signatures. Initial reports from the first counties to report showed about 86% of signatures were valid. The Secretary of State’s order tallied a total of 667,062 signatures thus far. This total is not complete. It did not include several populous counties so that Californians for Consumer Privacy likely has much closer to its announced total of 900,000 signatures, which would likely be sufficient to put the initiative on the ballot in November.
However, the signature total is still uncertain.
The outcome of this signature verification process will determine whether the initiative will be on the November ballot or undergo an additional round of signature checks. If county officials determine at least 110% of signatures required (685,534) are verified, the initiative will be automatically eligible for the November ballot. However, the initiative would fail to qualify for the ballot if the total number of valid signatures is less than 95% of the number of signatures required to qualify the ballot initiative (592,052). If the percentage of verified signatures reaches 95% or more of that number, then county election officials would begin the “full check” process of verifying each signature.
What is more, the California attorney general’s draft California Consumer Privacy Act regulations appear unlikely to take effect July 1. Proposed regulations must be submitted to the state Office of Administrative Law for review for compliance with the State Administrative Procedures Act before the regulations take effect. For regulations to become effective July 1, they must be filed with the Office of Administrative Law by May 31.
However, as of this writing, the CCPA is not among the regulations that are on the Office of Administrative Law’s long list to review. Although it is possible for the attorney general’s office to seek emergency review, this seems unlikely with only 11 days left before the deadline and the large backlog of regulations to be reviewed before the Office of Administrative Law.
If the regulations are not approved by May 31 so as to take effect July 1, as originally expected, their effective date will likely slip until Oct. 1. Violations of the privacy provisions of the CCPA statute are subject to enforcement starting July 1, 2020. However, the CCPA regulations will not be enforceable until the quarterly effective date one month and one day after approval by the OAL.
The bottom line of these uncertainties: Not only do California CCPA requirements remain somewhat uncertain, but even the dates when those potential new requirements will take effect remain up in the air.
Photo by Paul Hanaoka on Unsplash
The IAPP publications team reached out to the California Attorney General’s Press Office inquiring about whether it has filed the CCPA draft regulations with the California Office of Administrative Review in time for the regulations to be approved to take effect July 1.
The press office said, “It is correct that we have not yet submitted final regulations to OAL. The CCPA became effective on 1/1/20 and can be enforced on and after 7/1/20.”
The Westin Research Center released a new interactive tool to help IAPP members navigate the California Consumer Privacy Act. The “CCPA Genius” maps requirements in the law to specific CCPA provisions, the proposed regulations, expert analysis and guidance regarding compliance, the California Privacy Rights Act ballot initiative, and other resources.
Author: Lothar Determann, Partner, Baker McKenzie
In the pages of “California Privacy Law,” businesses, attorneys, privacy officers and other professionals will gain practical guidance and essential, in-depth information regarding each California and U.S. privacy law — scope, compliance duties and enforcement.
If you want to comment on this post, you need to login.