California voters have passed the California Privacy Rights Act (CPRA), expanding data protection for consumers. 

The YES on Prop 24 campaign announced the passage of the California Privacy Rights Act, with a majority of Californians (56% according to the Secretary of State's web site) supporting the measure to strengthen consumer privacy rights. The new law will give Californians the strongest online privacy rights in the world, says the campaign, including protecting sensitive personal information, tripling fines against companies that violate kids' data, establishing an enforcement arm for consumers, and making it harder to weaken privacy laws in the future.

Experts believe that this sweeping privacy law will set the bar for privacy rights for the rest of the nation and that federal laws will follow suit. 

"With tonight's historic passage of Prop 24, the California Privacy Rights Act, we are at the beginning of a journey that will profoundly shape the fabric of our society by redefining who is in control of our most personal information and putting consumers back in charge of their own data," said Alastair Mactaggart, Chair of Californians for Consumer Privacy and Prop 24 sponsor. "I'm looking forward to the work ahead and the next steps in implementing this law, including setting up a commission that is dedicated to protecting consumers online." 

"I look forward to ushering in a new era of consumer privacy rights with passage of Prop 24, the California Privacy Rights Act," said Andrew Yang, Chair of the Board of Advisors for Californians for Consumer Privacy. "It will sweep the country and I'm grateful to Californians for setting a new higher standard for how our data is treated."

Commenting on the news, Mohit Tiwari, Co-Founder and CEO at Symmetry Systems, says, “CPRA adds more teeth to enforcement and emphasizes additional focus on kids' privacy -- both are valuable moves towards incentivizing products that respect consumers' privacy. The initial effect may be that organizations will try to instrument their sprawling infrastructure to measure data risk and add protections where they are needed most. Longer term, this is a clear signal from the people to entrepreneurs - there is a keen demand for products that complement the ad-driven "town-square" model, and we should innovate on both respectful products and privacy-centric developer-frameworks to build these products.”

Brendan O’Connor, CEO and Co-Founder at AppOmni, notes, “CPRA is the latest chapter in a global trend towards enhanced privacy for consumers, and harsher consequences for companies that fail to put appropriate safeguards in place. This is a "win" for consumer privacy, but implementing the appropriate safeguards to comply with CPRA can be quite challenging. Data doesn't live in one place - it has a footprint that spans many systems and applications throughout the enterprise. The pandemic has greatly accelerated the adoption of Cloud applications, and more data than ever before is stored and accessed outside the corporate perimeter. Organizations of all sizes must evolve their security strategy to operate in this new landscape. We can no longer rely on firewalls, gateways, and access brokers to keep the data inside - its already gone to the cloud. Organizations must move their safeguards and security checks closer to the data, and apply more fine-grained access controls than ever before. This is a lot for security and privacy teams to manage. Successful organizations will invest in technologies that show them who has access to consumer data in Cloud applications, and provide continuous assurance that appropriate safeguards are in place."