Innovation at Work: the California Privacy Rights Act (CPRA)

January 7, 2021  |   Amy Stewart

Business leaders around the world can tell you that innovation happens when you focus on people, not on technology. It’s the same with the legislative process. Laws are most effective when people are kept at the center, and most innovative when they are allowed to change to better meet the needs of those people.  

The California Privacy Rights Act (CPRA) passed on November 3, 2020, but it isn’t an entirely different law–it’s an expansion of the current law under CCPA from 2018. Last month, a slim majority of California voters affirmed that consumers in their state would benefit from additional rights around the use of sensitive information, more safeguards for the information of minors, and the establishment of the California Privacy Protection Agency, which will be funded by up to $10 million per year. 

As a result, businesses affected by CPRA will expand opt-out rights to include new types of information-sharing and provide additional mechanisms for individuals to access, correct, or delete data, with more details on how information can be used by automated decision-making systems. Enforcement of CPRA is scheduled to begin on January 1, 2023, for data collected beginning on January 1, 2022, so companies have a bit of runway to interpret and identify the changes needed to comply with the new requirements. 

In our own case, LiveRamp has always been a privacy-centric company focused on enabling the safe and effective use of data. We are preparing to comply with the requirements of CPRA just as we did when CCPA, already deemed the most comprehensive U.S. data privacy law, was signed into law only two years ago. 

A culture of accountability is essential to succeed in a data-driven world, and LiveRamp will continue to focus on consumer privacy by ensuring that people have transparency, visibility, and choice into how their data is being used. As a leader in our industry, we remain committed to serving as a trusted technology partner for our clients as we move forward in this process.  

Moreover, we believe the recent voting outcome in California further emphasizes the need for comprehensive, preemptive federal data privacy legislation to properly balance the interests of people, society at-large, and business. 

In his article, LiveRamp’s EVP, Chief Ethics and Legal Officer, Jerry C. Jones, outlined how we should work together to close the gap and finally pass a federal data privacy law. U.S. citizens would be best served if a federal law prevented a patchwork of different requirements and consumer protections across 50 states. 

We fully anticipate that CPRA will strengthen momentum and unify support for a federal data privacy law, which predicates that other individual states will likely continue to iterate on their privacy laws as well. The complexity of changes to individual laws multiplied many times over could quickly become a heavy burden for U.S. businesses big and small. Even worse, it could cause unnecessary confusion for the consumer, further damaging trust instead of building it. 

While many companies prepare to comply with the new requirements of CPRA, let’s continue to innovate, keep our focus on the needs of the people, and work to create a better future for us all. To learn more about how LiveRamp keeps privacy top-of-mind in all we do, visit our Data Ethics and Privacy page.