On May 14, California Secretary of State Alex Padilla announced that the California Privacy Rights Act of 2020 (the “CPRA”) had obtained sufficient raw signatures to qualify for the November 3, 2020 ballot.  Those signatures are currently being verified by the counties in which they were obtained.  However, based on a complaint filed June 8 by Alastair Mactaggart and other members of Californians for Consumer Privacy—the proponents of the CPRA—it appears that the verification process may not be completed in time for the CPRA to appear on the ballot this Fall.

The lawsuit, Alastair Mactaggart, et al. v. Padilla, filed in Sacramento County Superior Court, alleges that Secretary of State Padilla failed to adhere to a provision of the California Elections Code requiring his office to “immediately” notify county officials to begin the verification process upon receipt of a sufficient number of raw signatures.  Here is a brief timeline of the events alleged in the Complaint:

  • May 1, 2020: Californians for Consumer Privacy submits a total of over 930,000 signatures in support of the CPRA. Each county registrar of voters receives the signatures obtained in that county.  Upon receipt, county election officials must determine the total number of signatures gathered, and transmit their “raw counts” to the Secretary of State within eight working days.
  • May 13, 5:27 PM: The total raw count of signatures meets the threshold to trigger verification when Riverside County submits its signatures to the Secretary of State.
  • May 14, 4:02 PM: The Secretary of State notifies county registrars that the threshold is met, commencing the signature verification process.
  • June 25, 2020: Deadline, as specified in Article II, § 8(c) of the California Constitution for qualification of all measures to appear on the November 3, 2020 ballot.
  • June 26, 2020: Counties’ deadline to complete the verification process based on the date of notification that the raw count was met for the CPRA.

In other words, if the counties take the time allowed under the Elections Code to complete verification of signatures, that process would be completed the day after the deadline to get the CPRA on the November ballot.  The lawsuit asks the Court to order the Secretary of State to compel all 58 California counties to complete the verification process at least one day sooner in order to ensure that in November 2020 Californians have “the opportunity to vote on whether to strengthen consumer privacy laws and prevent them from being undermined by future legislation.”

The essential argument in the Mactaggart Complaint is that the Secretary of State did not act “immediately” when his office notified county registrars that the CPRA met the raw signature threshold the day after receiving the batch of signatures from Riverside County.  According to the Complaint, the Secretary of State explained that the next-day notification took place because the signatures from Riverside were received after the close of business on May 13.  Californians for Consumer Privacy claim, however, that the Secretary of State transmits notice afterhours approximately fifty percent of the time based on their research into the times of day when the Secretary of State issued notifications for other ballot measures in recent years.

It remains to be seen how the Court may interpret the term “immediately” and whether it will agree to (or even has the power to) order the Secretary of State to require county registrars to complete the certification process sooner than statutorily allowed.

All of this, of course, also begs the question of why Californians for Consumer Privacy waited until May 1 to submit their signatures and start the qualification process for the CPRA.  In the Complaint, Mactaggart blames a combination of COVID-19-related delays and a calculation of the deadline that presumed same-day notification by the Secretary of State.  Still, given the importance of the CPRA as described by its proponents and the fact the 930,000 signatures obtained far exceed the minimum requirements, surely the more prudent approach would have been to submit sooner.  As the lawsuit makes clear, a one-day delay could prevent the CPRA from appearing on the Fall ballot.

A delay of the CPRA could provide businesses with some reassurance that all the changes they made to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) will not immediately be outdated.  On the other hand, the same uncertainty currently lurking behind data privacy rules in California could return in full force if the CPRA ends up on the ballot in 2021.

We will continue to follow the developments in this case and the CPRA more generally, and will provide updates as we learn more.