California Privacy Rights Act

Choice	Votes	%
Yes	9,384,125	56.23%
No	7,305,026	43.77%

Elections in California
Federal government U.S. President 1852 1856 1860 1864 1868 1872 1876 1880 1884 1888 1892 1896 1900 1904 1908 1912 1916 1920 1924 1928 1932 1936 1940 1944 1948 1952 1956 1960 1964 1968 1972 1976 1980 1984 1988 1992 1996 Dem Rep 2000 Dem Rep 2004 Dem Rep 2008 Dem Rep 2012 Dem Rep 2016 Dem Rep 2020 Dem Rep 2024 Dem Rep U.S. Senate 1849 1850 1852 sp 1856 1857 sp 1860 1860 sp 1868 1872 1873 1873 sp 1878 1880 1885 1886 sp 1887 1891 1891 sp 1893 1895 sp 1897 1900 sp 1903 1905 1909 1911 1914 1916 1920 1922 1926 1928 1932 1934 1938 1940 1944 1946 1946 sp 1950 1952 1954 sp 1956 1958 1962 1964 1968 1970 1974 1976 1980 1982 1986 1988 1992 1992 sp 1994 1998 2000 2004 2006 2010 2012 2016 2018 2022 2022 sp 2024 2024 sp 2028 U.S. House of Representatives 1849 1851 1852 1854 1856 1859 1861 1863 1864 1867 1868 1871 1872 1875 1876 1879 1880 1882 1884 1886 1888 1890 1892 1894 1896 1898 1900 1902 1904 1906 1908 1910 1912 1914 1916 1918 1920 1922 1924 1926 1928 1930 1932 1934 1936 1938 1940 1942 1944 1946 12th 1948 1950 1952 1954 1956 1958 1960 1962 1964 1966 1968 1970 1972 1974 1976 1978 1980 1982 1984 1986 1987 5th sp 1988 1990 1992 1994 1996 1998 2000 2001 32nd sp 2002 2004 2005 5th sp 48th sp 2006 50th sp 2007 36th sp 2008 12th sp 2009 10th sp 32nd sp 2010 2011 36th sp 2012 2014 2016 2017 34th sp 2018 2020 25th sp 2022 22nd sp 2024 16th 20th sp 30th 45th 47th v t e
State government Executive Governor 1849 1851 1853 1855 1857 1859 1861 1863 1867 1871 1875 1879 1882 1886 1890 1894 1898 1902 1906 1910 1914 1918 1922 1926 1930 1934 1938 1942 1946 1950 1954 1958 1962 1966 1970 1974 1978 1982 1986 1990 1994 1998 2002 2003 (recall) 2006 2010 2014 2018 2021 (recall) 2022 2026 Lieutenant governor 1950 1954 1958 1962 1966 1970 1974 1978 1982 1986 1990 1994 1998 2002 2006 2010 2014 2018 2022 2026 Attorney general 1970 1974 1978 1982 1986 1990 1994 1998 2002 2006 2010 2014 2018 2022 Secretary of state 1970 1974 1978 1982 1986 1990 1994 1998 2002 2006 2010 2014 2018 2022 Treasurer 1994 1998 2002 2006 2010 2014 2018 2022 Controller 1994 1998 2002 2006 2010 2014 2018 2022 Insurance commissioner 1994 1998 2002 2006 2010 2014 2018 2022 Superintendent 1994 1998 2002 2006 2010 2014 2018 2022 Board of equalization 2018 2022 Legislature Senate 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 2022 2024 Special Assembly 1992 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 2021 (79th sp) 2022 (17th sp) 2024 Special Judiciary Court of appeals 1994 1998 2002 2006 Elections by year 1992 1994 1996 1998 2000 2002 2004 2005 2006 2008 Feb Jun Nov 2009 2010 Jun Nov 2012 Jun Nov 2014 2016 2018 2020 2022 2024 v t e
State propositions 1910–1919 1911 4 7 8 1960–1969 1964 14 1970–1979 1978 6 8 13 1980–1989 1982 8 1986 64 65 1988 98 99 1990–1999 1994 187 1996 196 209 215 218 1998 6 10 227 2000–2009 2000 21 22 36 39 2003 53 54 2004 1A 55 56 57 58 59 60 60A 61 62 63 64 65 66 69 71 2005 73 74 75 76 77 78 79 80 2006 81 82 83 85 87 89 90 2008 91 92 93 94, 95, 96, and 97 98 and 99 1A 2 3 4 5 6 7 8 9 10 11 12 2009 1A 1B 1C 1D 1E 1F 2010–2019 2010 13 14 15 16 17 19 20 21 22 23 24 25 26 27 2012 29 30 32 34 37 38 39 2014 1 2 41 42 45 46 47 48 2016 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 2018 68 69 70 71 72 6 7 8 9 10 11 12 2020–2029 2020 13 14 15 16 17 18 19 20 21 22 23 24 25 2022 1 26 27 28 29 30 31 2024 1 Full list v t e
Los Angeles County Los Angeles County Board of supervisors 1980 1996 2006 2008 2010 2012 2014 2016 2018 2020 2022 2024 Ballot measures 1980 A 2008 R 2012 B J 2016 M Elections 2020 2022 2024 Los Angeles Mayor 1896 1898 1900 1902 1904 1906 1909 (sp) 1909 1911 1913 1915 1917 1919 1921 1923 1925 1929 1933 1937 1938 1941 1945 1949 1953 1957 1961 1965 1969 1973 1977 1981 1985 1989 1993 1997 2001 2005 2009 2013 2017 2022 City attorney 2009 Ballot measures 1986 U 2017 S Elections 2009 2011 2013 2015 2017 2019 (sp) 2020 2022 2023 (sp) 2024 Long Beach Mayor 1994 1998 2002 2006 2010 2014 2018 2022 v t e
Orange County Orange County Board of supervisors 2018 2020 2022 2024 District attorney 2018 Anaheim Mayor 2002 2006 2010 2014 2018 2022 Irvine Mayor 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 2022 2024 Costa Mesa Municipal 1947 1953 1954 1956 1958 1960 1962 1964 1966 1968 1970 1972 1974 1976 1978 1980 1982 1984 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 2022 2024 v t e
Sacramento Mayor 2000 2004 2008 2012 2016 2020 2024 v t e
San Diego County San Diego County Board of supervisors 2020 San Diego Mayor 1887 1889 1891 1893 1895 1897 1899 1901 1903 1905 1907 1909 1911 1913 1915 1917 1919 1921 1923 1925 1927 1929 1931 1932 1935 1939 1943 1947 1951 1955 1959 1963 1967 1971 1975 1979 1983 (sp) 1984 1986 (sp) 1988 1992 1996 2000 2004 2005 (sp) 2008 2012 2013–14 (sp) 2016 2020 2024 City attorney 2004 2008 2012 2016 2020 City council 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 Special v t e
San Francisco Mayor 1955 1959 1963 1967 1971 1975 1979 1983 (recall) 1983 1987 1991 1995 1999 2003 2007 2011 2015 2018 (sp) 2019 2024 District attorney 2019 2022 (recall) 2022 (sp) 2024 Board of supervisors 1977 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 2018 2020 2022 2024 Board of education 2018 2022 (recall) Elections 2004 Mar Nov 2005 2006 Jun Nov 2007 2008 Feb Jun Nov 2009 2010 Jun Nov 2011 2012 Jun Nov 2013 2022 Feb v t e
San Jose Mayor 1974 1978 1982 1986 1990 1994 1998 2002 2006 2010 2014 2018 2022 2024 v t e
Other localities Bakersfield Mayoral elections: 2004 2008 2012 2016 2020 2024 Fresno Mayoral elections: 1996 2000 2004 2008 2012 2016 2020 2024 Oakland Mayoral elections: 1994 1998 2002 2006 2010 2014 2018 2022 Riverside Mayoral elections: 1997 2001 2005 2009 2012 2016 2020 2024 San Bernardino Mayoral elections: 2005 2009 2014 2018 2022 Stockton Mayoral elections: 2008 2012 2016 2020 2024 v t e
v t e

The California Privacy Rights Act of 2020 (CPRA), also known as Proposition 24, is a California ballot proposition that was approved by a majority of voters after appearing on the ballot for the general election on November 3, 2020.^[1][2][3] This proposition expands California's consumer privacy law and builds upon the California Consumer Privacy Act (CCPA) of 2018, which established a foundation for consumer privacy regulations.^[4]

The proposition enshrines more provisions in California state law, allowing consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit businesses' usage of "sensitive personal information", which includes precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information. The Act creates the California Privacy Protection Agency as a dedicated agency to implement and enforce state privacy laws, investigate violations, and assess penalties of violators.^[5] The Act also removes the set time period in which businesses can correct violations without penalty, prohibits businesses from holding onto personal data for longer than necessary, triples the maximum fines for violations involving children under the age of 16 (up to $7,500), and authorizes civil penalties for the theft of specified login information.^[6][7]

The California Privacy Rights Act took effect on January 1, 2023, applying to personal data collected on or after January 1, 2022.^[8] The law cannot be repealed by the state legislature, and any amendments made by the legislature must be “consistent with and further the purpose and intent” of the Act.^[9]

As technology has become more integrated into daily life lawmakers around the world have pushed for greater regulation of data privacy.^[10] Beginning in 1950, the European Convention on Human Rights asserted that data privacy should be subject to legal protections.^[10][11]Several episodes of unknown use and sale of consumer data, such as the Cambridge Analytica scandal, have led to US lawmakers pursuing better data privacy protections particularly those at the state-level.^[10][12]Additionally, the EU’s passage of the General Data Protection Regulation (GDPR) in 2018 spurred greater interest in adopting a similar measure in the US.^[11] The GDPR is the strictest data privacy law in the world, with few exceptions and hefty fines. In California, these concerns manifested as the California Consumer Protection Act somewhat modeled on the EU’s GDPR.^[11]

The CCPA’s initial drafting and placement on the 2018 ballot was led by Alastair Mactaggart.^[12] He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown. Although passed in 2018, the CCPA would not come into effect until January 1, 2020.^[11] In 2020 Proposition 24, or the CPRA, appeared on the California ballot. The CPRA was designed to amend the CCPA to expand consumer data privacy^[13]. Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA.^[11] The CPRA was passed with 56.2% of California voters in favor of the proposition and went into effect on January 1, 2023.^[14]

The initiative represents an expansion of provisions first laid out by the California Consumer Privacy Act. Key changes include requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.^[15] The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more.^[15] In addition to the consumer protections, the proposition creates the California Privacy Protection Agency.^[4]The agency initially shared consumer privacy oversight and enforcement duties with the California Department of Justice.^[4] Another effect of the initiative is requiring businesses to obtain permission from consumers younger than 16 before collecting their data and permission from a parent or guardian before collecting data from consumers younger than 13.^[16]

The overall intention of the act is to resolve information asymmetry between consumers and businesses concerning the use of personal information. To that end the key rights of the Act include:

1. Control the use of personal information and limiting the use of sensitive personal information through the right to opt out of sale.
2. The ability to correct, delete, and transfer personal information.
3. The right to easily accessible self-serve tools to opt-out of sale or limit use of personal data
4. Exercise privacy rights without being penalized or discriminated against.
5. Hold businesses accountable for failing to take reasonable information security precautions.
6. Know who is collecting a child's personal information, how it is being used, and to whom it is disclosed.^[17]

The primary purpose of the CPRA is to further protect personal consumer information.^[18] The act defines consumer information as any information that could reasonably identify or be related to a specific person or household.^[18][17] This includes names, addresses, email address, social security number, and characteristics defined as being protected under California and federal law such as race, gender, or religion.^[17] The CPRA also alters the criteria for businesses to be subject to the act. The act applies to businesses meeting any of the three following criteria: (1) have $25 million in annual gross revenue in the preceding year (2) buys, sells, or shares the personal information of 100,000 or more consumers or households (3) businesses whose majority of revenue (50% or more) is earned from selling or sharing personal consumer information.^[19][17]

The ability to revoke consent for a business to sell or share a consumer's information through easily accessible tools is an integral part of the CPRA's modification of the CCPA. The CPRA mandates that a business' homepage must clearly display a link titled "Do Not Sell My Personal Information."^[17] A business may not require a consumer to make an account or go through multiple steps to opt out.^[17] This right essentially permits Californian consumers to require businesses to stop selling their information, thereby preventing the kinds of misuse and unkown sales of personal data that spurred the creation of the CCPA.^[18]

The proposition passed with roughly 55% of California voters voting in favor of the measure.^[20]

Partisan clients