On February 9, 2024, the California Third Appellate District Court of Appeal made a significant ruling regarding the enforcement timeline of the California Privacy Rights Act of 2020 (CPRA) implementing regulations. The appellate court overturned a previous ruling from June 2023 by a lower court, which had ordered a 12-month delay in enforcing the regulations following their adoption.
The lower court’s reasoning was based on the belief that voters intended for a one-year gap between the adoption and enforcement of these regulations. Following adoption of CPRA regulations on March 29, 2023, the lower court ordered enforcement to be stayed until March 29, 2024.
However, upon reevaluation of the CPRA’s text and voters’ intentions, the appellate court concluded that the lower court had misinterpreted the law and highlighted the absence of “clear, unequivocal” language in the CPRA mandating a one-year delay between approval and enforcement. Consequently, the appellate court instructed the lower court to rescind its order for the 12-month enforcement delay.
This ruling effectively reinstates the California Privacy Protection Agency’s authority to enforce CPRA regulations immediately upon their adoption, without additional delay. It underscores the importance of organizations to maintain robust privacy programs that align with the dynamic landscape of privacy laws and regulations.