In California Privacy Protection Agency et al. v. The Superior Court of Sacramento County (case number C099130), the Third Appellate District of the California Court of Appeal returned authority to the California Privacy Protection Agency (CPPA) to enforce the regulations promulgated under California’s groundbreaking consumer data privacy law, the California Consumer Privacy Act (CCPA, as amended by the California Privacy Rights Act (CPRA)).
The California Chamber of Commerce had challenged the CPPA’s timeline for enforcing its newly finalized regulations, arguing that the agency had missed statutory deadlines, which, in their view, should delay the enforcement start date a full year after their promulgation—to March 29, 2024. The regulations in question, which address aspects such as privacy notice requirements and the handling of browser signals for opt-out requests, are part of the broader framework established by the CCPA. The lower court agreed and temporarily stripped the CPPA of its enforcement capabilities.
The appellate court overturned that decision. The court found no explicit mandate in the law that would necessitate delaying enforcement until a year after the finalization of the regulations, as the Chamber had contended. Consequently, the CPPA can now immediately begin enforcing the regulations finalized last March without the previously imposed delay.Continue Reading California Appeals Court Empowers Privacy Agency to Immediately Enforce CCPA Regulations