The business-to-business (“B2B”) and human resources (“HR”) exemptions to the California Consumer Privacy Act (“CCPA”) have been extended for a full year, and will now expire no sooner than January 1, 2022 – and a further one-year extension seems likely.
The B2B and HR exemptions have thus far permitted businesses to omit these types of data from their CCPA compliance programs – a significant dose of business-friendliness in an otherwise burdensome regime. As we discussed in our end-of-summer recap “While You Were Out” blog post early last month, these exemptions are widely relied on, but have been subject to a January 1, 2021 sunset.
A few weeks ago, the California legislature passed AB 1281 – a one-year extension of the B2B and HR exemptions. Since then the business community has been watching to see if Governor Newsom would sign AB 1281 by the September 30 deadline. We can now report that the Governor did sign the bill on September 29, and the California Secretary of State “chaptered” AB 1281 into law the same day.
As with most things CCPA, the story does get a little more complicated. On November 3, Californians will vote on a referendum to approve, or not, the California Privacy Rights Act (“CPRA”). Among many other changes to California privacy law, CPRA would extend the HR and B2B exemptions for a further year, to January 1, 2023. Polling from earlier this summer – albeit, polling fielded by the CPRA’s leading sponsors – suggests widespread support among Californians for the CPRA. With the statutory extension now firmly in place, however, businesses can rely on the B2B and HR exemptions for at least one more year whether or not the CPRA passes in November.
To subscribe to the Data Blog, please click here.
The authors would like to thank Debevoise law clerk Stephanie Thomas for her contribution to this article.
