1. Home
  2. |Insights
  3. |California Privacy Rights Act Enforcement Delayed

California Privacy Rights Act Enforcement Delayed

Client Alert | 1 min read | 07.06.23

In a June 30, 2023 decision by the Superior Court of California, County of Sacramento, the Court issued a ruling delaying agency enforcement of final regulations under the California Privacy Rights Act (CPRA) until March 2024. Calfornia Chamber of Commerce v. California Privacy Protection Act, Case No. 34-2023-80004106-CU-WM-GDS (Sacramento Superior Court, June 30, 2023).

The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) provisions in the ballot initiative passed in 2020 by California voters are still in effect. However, enforcement of the final regulations implementing the CPRA, enacted on March 29, 2023 by the California Privacy Protection Agency (Agency) and which were set to go in effect on July 1, 2023, has been stayed by the California court until March 2024 (until one year after the enactment of the final CPRA regulations). Assuming the ruling is not overturned on appeal, it gives businesses another 9 months to become compliant with the final CPRA regulations. Businesses still need to remain compliant with the prior CCPA regulations in effect before the final CPRA regulations, including the CPRA provisions that were in the ballot initiative of 2020. The Agency has set a public meeting for July 14 to discuss enforcement and other topics.  

Notably, on March 29, 2023, the Agency issued final regulations with respect to only 12 of the 15 areas required by Section 1798.185 of the CPRA. The Court ruled that enforcement of these regulations was delayed until March 29, 2024. Enforcement of any regulations in the remaining three areas (cybersecurity audits, risk assessments and automated decision-making technology) will begin until a year after the Agency finalizes those rules. The Court did not mandate any specific date by which the Agency must finalize these remaining regulations.

Insights

Client Alert | 8 min read | 10.01.25

BIS Issues “Affiliates Rule” to Dramatically Expand Applicability of Entity and Military End-User Lists

On September 29, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced a sweeping Interim Final Rule (IFR), (the “Affiliates Rule”) expanding which entities qualify as Entity List or Military End-User entities, thereby subjecting those entities to elevated export control restrictions under the Export Administration Regulations (EAR). U.S. export restrictions applicable to entities on the Entity List, Military End-User (MEU) List, and Specially Designated Nationals and Blocked Persons (SDN List) now apply to foreign affiliates that are, in the aggregate, owned 50% or more by one or more of the aforementioned entities. An entity that becomes subject to these restrictions because of its ownership structure will be subject to the most restrictive controls that attach to any of its parent entities, regardless of ownership stakes....