California’s Governor Newsom Signs New Privacy Law Clarifying Timeline for CPRA Regulations

California's proliferation of new privacy laws shows no sign of slowing. In September and October, California's Governor Gavin Newsom signed multiple privacy bills into law, covering genetics, abortion rights, and updates to the California Privacy Rights Act (CPRA) in Assembly Bill 694 (AB 694), which among other things clarifies the timing of the California Privacy Protection Agency's (CPPA) rulemaking responsibilities. The updates in AB 694 are largely non-controversial and were pitched as non-substantive by the legislature. The bill clarifies that CPPA's rulemaking authority starts on the later of July 1, 2021, or six months after the CPPA provides notice to the Attorney General that it is prepared to assume responsibility. Previously, there had been a conflict between two sections in the statute as to whether it was the earlier or later of the two dates. Companies now have clarity that the CPPA's rule-making authority was not tied to July 1, 2021, but instead will be tied to a date 6 months after it provides notice of proposed rulemaking. The amendment also included updates to California Civil Code sections 1798.140 (Definitions), 1798.145 (Exemptions) and 1798.199.40 (Functions of the California Privacy Protection Agency). Updates to definitions included adding definitions for concepts such as advertising and marketing, consent, contractor, and household. Comments on rulemaking are due to the CPPA by November 8, 2021; however, this invitation for comments is not proposed rulemaking and therefore does not trigger the six-month timeline previously mentioned. The CPPA met on October 18, 2021, to further discuss, among other items on the agenda, rulemaking.