Privacy Insider Newsletter | Data Privacy News Delivered Weekly

CPRA Enforcement Set for Saturday (Amid Uncertainty)

Written by Arlo Gilbert | Jun 29, 2023 3:30:00 PM

Hello all, and happy Thursday!  

If you haven’t heard, the enforcement date for the California Privacy Rights Act (CPRA) is set for this Saturday, July 1 — just three months after the California Privacy Protection Agency (CPPA) finalized regulations.   

The California Chamber of Commerce isn’t happy with the enforcement date. Back at the end of March, the Chamber filed a lawsuit to extend the enforcement date since, according to them, “The CPPA did not meet the voter-imposed deadline to adopt regulations implementing Proposition 24, the California Privacy Rights Act.” As a result, the Chamber of Commerce feels businesses don’t have enough time to adjust in order to follow the new law.   

An initial hearing is set to happen on June 30 in the Sacramento Superior Court, which is cutting it pretty close for the businesses that will be impacted by CPRA. We’ve seen what enforcement can look like in California — Sephora’s $1.2 million fine for violating the CCPA in October of last year was a swift reminder of just how steep these fines can get, even in the US, where data privacy laws are a fairly new practice.  

However, it’s also important to remember that Sephora’s settlement came after a 30-day cure period, which was meant to give them time to correct their violations before the California Attorney General took action against the organization. As the enforcement window for CPRA opens, this ability to cure is beneficial for impacted organizations and those seeking guidance on the right approach to take. 

Best, 

Arlo 

 

Top Privacy Stories of the Week

How Your New Car Tracks You 

Vehicles have become increasingly connected, so the amount of data they can record about their drivers has shot up. Now, there’s a tool that can help you understand just how much data they’re collecting and passing off to vehicle manufacturers, thanks to the US-based automotive firm Privacy4Cars and its new Vehicle Privacy Report. 

Read more 

Personalized Advertising: CRITEO Fined EUR 40 Million 

The French Data Protection Agency, Commission Nationale Informatique & Libertés (CNIL), has sanctioned CRITEO with a EUR 40 million fine. The organization found five GDPR infringements by the organization regarding, among others, a lack of consent to process individuals’ data. 

Read more 

Oregon Set to Become the 11th State with a Comprehensive Privacy Law 

The Oregon House and Senate have signed Senate Bill 619, which previously passed in the House. The privacy bill now moves to the Oregon Governor’s desk for signature, making it the 11th comprehensive state privacy law in the U.S. If passed, the bill will take effect July 1, 2024. 

Read more 

CPRA Enforcement Date Challenged by California Chamber of Commerce 

The California Chamber of Commerce sued the California Privacy Protection Agency in late March of this year to delay the CPRA enforcement date (which is this Saturday). The hearing is set to begin on June 30.  

Read more 

Meta Granted Stay Extension in DPC Data Transfer Case 

Meta has been granted an extension of a temporary stay on the order from the Irish Data Protection Commission to suspend its EU-U.S. data transfers. The extension will continue through to the end of July.  

Read more 

Publishers Clearing House Pays $18.5 Million in ‘Dark Patterns’ Suit 

The Publishers Clearing House (PCH) has agreed to pay $18.5 million to settle a lawsuit with the Federal Trade Commission in the U.S. According to the FTC, PCH used dark patterns and “coerced customers through false suggestions that making a purchase was the only way to enter its popular sweepstakes.”  

Read more 

Apple’s Take on Data Privacy 

Apple has released two new features regarding third-party software development kits. The first, privacy manifests, consists of files that detail the privacy practices of all third-party SDKs utilized in an app. The second, SDK signatures, verifies that new versions of an SDK are signed by the original developer in an effort to ensure that SDK-supplied code is not part of a scam attempt. 

Read more 

Osano Blog: What Is Universal Consent Management? 

Universal consent management is closely related to cookie consent and preference management, but there's a bit more to it than that. Learn more about it and its benefits in our latest blog.  

Read more 

If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.