California Consumer Privacy Act (CCPA) is set to move forward, as scheduled on July 1, 2020, despite the challenges presented by the COVID-19 pandemic.

As various states and countries implement lock downs and stay at home orders in effort to deal with the coronavirus pandemic, many events, initiatives and processes are being cancelled, or at best delayed. Many businesses and other organizations have resorted to shutting down, or digitising their operations to cope with the uncertain times. However, for California Attorney General Xavier Becerra, there is no intention to delay the implementation of California Consumer Privacy Act, which is expected to be enforced on or before July 1, 2020. Despite pushback from a coalition, who is asking for this initiative to be postponed, as businesses and organisations focus on dealing with challenges presented by COVID-19, Becerra seems, so far, unmoved. 

The California Attorney General plans to proceed with implementation of the law despite pushback.

An advisor for the California Attorney General affirmed that they are committed to enforcing the law upon finalizing the rules or July 1, whichever comes first, and stated “”We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.” The coalition, which is now comprised of 60 groups, stated “A temporary deferral in enforcement of the CCPA would relieve many pressures and stressors placed on organizations due to COVID-19 and would better enable business leaders to make responsible decisions that prioritize the needs and health of their workforce over other matters.”

The Civil Code allows for an enforcement of the CCPA on July 1, but not prior to that.

According to one of the groups which is part of the coalition “The law, Civil Code Section 1798.85(c), states that ‘The Attorney General shall not bring an enforcement action under this title until six months after the publication of the final regulations issued pursuant to this section or July 1, 2020, whichever is sooner.’ So that means July 1, period.”

CCPA was approved on September 2018

Initial Proposed Regulations were first published on October 11, 2019 and two sets of modifications, on February 10, 2020 and March 11 2020, have been released since then.

According to Cristina Contero Almagro, Aphaia’s Partner, “one should note that CCPA was approved on September 2018, commencing on January 1, 2020, subject to the publication of the final regulations. This means that businesses have had more than a year so far to adapt their processes to the main requirements of the CCPA”.

Do you have questions about how to navigate data protection laws during this global coronavirus pandemic in your company? We can help you. Aphaia provides both GDPR and CCPA consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.