Filed 2/9/24 CERTIFIED FOR PUBLICATION
IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA
THIRD APPELLATE DISTRICT
(Sacramento) ----
CALIFORNIA PRIVACY PROTECTION AGENCY C099130 et al., (Super. Ct. No. 34-2023- Petitioners, 80004106)
v.
THE SUPERIOR COURT OF SACRAMENTO COUNTY,
Respondent;
CALIFORNIA CHAMBER OF COMMERCE,
Real Party in Interest.
1 ORIGINAL PROCEEDING in mandate. Petition granted with directions. James P. Arguelles, Judge.
Rob Bonta, Attorney General, Thomas S. Patterson, Senior Assistant Attorney General, Paul Stein, Supervising Deputy Attorney General, Natasha A. Saggar Sheth, Deputy Attorney General for Petitioners.
No appearance for Respondent.
Nielsen Merksamer Parrinello Gross and Leoni, Sean Patrick Welch, Kurt R. Oneto and David J. Lazarus for Real Party in Interest.
This case concerns the implementation of Proposition 24, the California Privacy Rights Act of 2020 (the Act). The California Privacy Protection Agency and others (collectively, the Agency)1 have filed a petition for extraordinary writ relief in the nature of mandamus, challenging the trial court’s determination that any implementing regulation required by the Act is not enforceable on the date specified by the Act--July 1, 2023--but instead is enforceable one year after that regulation becomes final. As we next explain, we shall issue a peremptory writ of mandate. FACTUAL AND PROCEDURAL BACKGROUND In view of the limited issue raised here, we dispense with a detailed recitation of the underlying facts and procedure and summarize the pertinent background of this case. The Right of Privacy In 1972, the electorate amended the California Constitution through an initiative measure to include the right of privacy as an inalienable right. (Cal. Const., art. 1, § 1; Hill v. National Collegiate Athletic Assn. (1994) 7 Cal.4th 1, 16.) The central concern of this initiative measure (referred to as the Privacy Initiative) was the protection of informational privacy. (Williams v. Superior Court (2017) 3 Cal.5th 531, 552; Lewis v.
1 The other petitioners are members of the Agency’s board and the California Attorney General.
2 Superior Court (2017) 3 Ca1.5th 561, 569 [“The Privacy Initiative addressed the ‘accelerating encroachment on personal freedom and security caused by increased surveillance and data collection activity in contemporary society’ ”].) “The principal ‘ “mischiefs” ’ that the Privacy Initiative addressed were ‘(1) “government snooping” and the secret gathering of personal information; (2) the overbroad collection and retention of unnecessary personal information by government and business interests; (3) the improper use of information properly obtained for a specific purpose, for example, the use of it for another purpose or the disclosure of it to some third party; and (4) the lack of a reasonable check on the accuracy of existing records.’ ” (Lewis, at p. 569.) The California Consumer Privacy Act of 2018 Since the right of privacy was added to the California Constitution, various laws have been enacted by the Legislature to safeguard the informational privacy of Californians, including the California Consumer Privacy Act of 2018 (CCPA), Civil Code section 1798.100 et seq.2 (Stats. 2018, ch. 55, § 3.) The purpose of the CCPA, which was enacted in June 2018 and became operative on January 1, 2020, was to protect consumers’ privacy rights by providing them meaningful control over how their personal information is collected, used, and disclosed by a covered business.3 (Stats. 2018, ch. 55, §§ 2-3; see id. § 3 [defining the term “business” for purposes of the CCPA and granting
2 Further undesignated statutory references are to the Civil Code.
3 The CCPA was enacted after it came to light in March 2018 that tens of millions of people had their personal data misused by a data mining firm called Cambridge Analytica. (See Stats. 2018, ch. 55, § 2.) The law was passed in response to an initiative measure advocated by various consumer privacy groups. The Legislature enacted the law after the initiative’s official proponents withdrew the initiative from the ballot. (Guzzetta, Cal. Practice Guide: Privacy Law (The Rutter Group 2023) ¶ 3:1 (Guzzetta); see § 1798.198, subd. (b).)
3 consumers certain rights with respect to personal data collected by such businesses]; § 1798.198, subd. (a) [setting forth the operative date].) In enacting the CCPA, the Legislature found that the ability of consumers to control the use (including the sale) of their personal information is fundamental to the right of privacy, and that the misuse of personal information (such as unauthorized disclosure) can have devastating effects for consumers (such as financial fraud, identity theft, and reputational damage). Thus, consumers should have certain rights so that they can effectively control their personal information collected by a covered business. Those rights include (but are not limited to) the right to know what personal information is being collected about them and whether that information is sold or disclosed and to whom, the right to prohibit the sale of their personal information, the right to request deletion of their personal information, and the right to nondiscrimination in service and price when they exercise privacy rights. (Stats. 2018, ch. 55, §§ 2-3; see § 1798.100, subd. (a) [right to know what personal information has been collected]; § 1798.105, subd. (a) [right to delete personal information that has been collected]; § 1798.115, subd. (a) [right to know whether personal information has been sold or shared and to whom]; § 1798.120, subd. (a) [right to prohibit (or opt-out of) the sale or sharing of personal information]; § 1798.125 [right to nondiscrimination for exercising privacy rights].) The CCPA directed the Attorney General to adopt regulations concerning various delineated subject matter areas (e.g., the sale or sharing of personal information) by January 1, 2020, to carry out the provisions and purposes of the law, with the goal of, among other things, minimizing the administrative burden on consumers and the burden on businesses. (Stats. 2018, ch. 55, § 3; see former § 1798.185, subd. (a)(1)-(7).) The CCPA provided consumers a limited private right of action regarding certain unauthorized access and exfiltration (i.e., transfer of data from a computer or other device), theft, or disclosure of nonencrypted or nonredacted personal information by a covered business, and authorized the Attorney General to enforce the law through civil
4 enforcement actions. (Stats. 2018, ch. 55, § 3; see former § 1798.150 [private right of action]; former § 1798.155 [civil enforcement action by the Attorney General].) Under the CCPA, a covered business that failed to cure an alleged statutory violation within 30 days after being notified of such a violation was subject to civil penalties in an administrative action brought by the Attorney General. (Stats. 2018, ch. 55, § 3; see former § 1798.155, subd. (a).) In September 2018, three months after its enaction, the CCPA was amended in part by the Legislature’s extending the deadline for the Attorney General to adopt implementing regulations from January 1, 2020 (i.e., the operative date of the statute), to July 1, 2020.4 (Stats. 2018, ch. 735, § 13; see § 1798.185, subd. (a).) The Legislature also added subdivision (c) to section 1798.185, which prohibited the Attorney General from bringing a civil enforcement action “until six months after the publication of the final regulations issued pursuant to [the statute] or July 1, 2020, whichever [was] sooner.” (Stats. 2018, ch. 735, § 13; see § 1798.198, subd. (c).) In August 2020, the Office of Administrative Law (OAL) approved the Attorney General’s final implementing regulations, which govern compliance with the CCPA. (See Cal. Code Regs., tit. 11, § 7000 et seq. [formerly Cal. Code Regs., tit. 11, § 999.300 et seq].) A set of amendments to the regulations went into effect in March 2021. Any violation of the regulations constitutes a violation of the CCPA and is “subject to the remedies provided for therein.” (Cal. Code Regs., tit. 11, § 7000, subd. (b).) The Act In November 2020, the electorate approved Proposition 24, the California Privacy Rights Act of 2020 (Prop. 24, as approved by voters, Gen. Elec. (Nov. 3, 2020) (Prop.
4 The September 2018 amendments to the CCPA went into effect immediately. (Stats. 2018, ch. 735, § 18.)
5 24)), to which we refer as the Act.5 With a few immaterial exceptions, the Act became operative on January 1, 2023. (Prop. 24, § 31.) The Act amended and expanded the CCPA by, among other things, giving consumers the right to correct inaccurate personal information collected by a covered business and to limit a covered business’s use and disclosure of “sensitive personal information” (e.g., social security number, racial or ethnic origin, religious beliefs, genetic data, precise geolocation) to specific identified purposes. (Prop. 24, §§ 4-24; see § 1798.106 [right to correct inaccurate personal information]; § 1798.121 [right to limit the use and disclosure of sensitive personal information]; § 1798.140, subd. (ae) [defining “sensitive personal information” for purposes of the CCPA]; Guzzetta, supra, at ¶ 3:2 [explaining that the Act incorporated several provisions of the European Union’s data privacy and security law, the General Data Protection Regulation].)6 The purpose of the Act was to further protect consumers’ rights regarding the collection and use (including sale) of personal information by a covered business.7 (Prop. 24, § 3.)
5 Proposition 24 was introduced as a ballot initiative in 2020, in response to the Legislature’s consideration of various bills in 2019 to amend the CCPA, which the proponents of Proposition 24 viewed as an attempt to weaken the CCPA. (See Prop. 24, § 2.) Because the Act did not replace the CCPA, the proper name of the law remains the California Consumer Privacy Act or CCPA for short. (Guzzetta, supra, at ¶ 3:2.3.) 6 The Act contains various exceptions to the applicability of the CCPA. (See, e.g., § 1798.140, subd. (v)(2) [personal information does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern].) The Act also contains a set of exceptions for categories of information governed by other privacy-protecting statutes. (See, e.g., § 1798.145, subd. (c) [the CCPA does not apply to medical information governed by the Confidentiality of Medical Information Act].) These exceptions are immaterial to the resolution of this writ proceeding. 7 The Act defines “personal information” broadly to include “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” (See § 1798.140, subd. (v)(1).) Covered businesses include businesses that collect information from California consumers and either: have annual gross revenues exceeding $25 million
6 The Act established the Agency and vested it with the authority to administer, implement, and enforce the CCPA through administrative and civil actions for civil penalties. (Prop. 24, §§ 17, 21, 24; see §§ 1798.155, subd. (a), 1798.199.10, subd. (a), 1798.199.40, subd. (a), 1798.199.75, subd. (a).) The Act informed the electorate that the Agency would be an “independent watchdog” with a “mission” to protect consumer privacy, ensure that businesses and consumers are well-informed about their rights and obligations, and vigorously enforce the law against businesses that violate consumers’ privacy rights. (Prop. 24, § 2(L).) Of particular relevance here, as we emphasize below, the Act authorized the Agency to adopt, amend, and rescind regulations to carry out the purposes and provisions of the CCPA, directed the Agency to adopt final regulations concerning certain delineated subject matter areas, including 15 new areas (e.g., consumers’ right to request the correction of inaccurate personal information), and established a deadline of July 1, 2022, for the adoption of final regulations in those 15 areas. (Prop. 24, § 21; see §§ 1798.185, subds. (a), (d), 1798.199.40, subd. (b).) The Act also provided that the Agency’s enforcement authority would take effect on July 1, 2023, and that the Agency’s enforcement authority only applied to statutory violations occurring on or after that date. (Prop. 24, § 21; see § 1798.185, subd. (d).) As for administrative enforcement, the Act eliminated the provision in the CCPA giving a business 30 days to cure an alleged statutory violation to avoid a civil penalty. (Prop. 24, § 17; see § 1798.155, subd. (a).) However, it added a provision granting the Agency discretion to allow a covered business “a time period to cure [an] alleged violation.” (See § 1798.199.45, subd. (a) [in exercising its discretion, the Agency may consider a business’s lack of intent to violate the statute and any voluntary efforts to cure the alleged violation].)
a year; buy, sell, or share personal information of 100,000 or more consumers or households; or derive 50 percent or more of their annual revenues from selling or sharing consumers’ personal information. (§ 1798.140, subd. (d).)
7 In the proposal section of the voter information guide, which was prepared by the Legislative Analyst, the electorate was advised as follows: “Proposition 24 (1) changes existing consumer data privacy laws, (2) provides new consumer privacy rights, (3) changes existing penalties and limits the use of penalty revenues, and (4) creates a new state agency to oversee and enforce consumer data privacy laws. If approved, most of this proposition would take effect in January 2023. Some portions of the proposition, such as the creation of the new state agency and requirements for developing new regulations, would go into effect immediately.” (Voter Information Guide, Gen. Elec. (Nov. 3, 2020) analysis of Prop. 24 by the Legis. Analyst, p. 67 (Voter Guide).) The Legislative Analyst explained that the Agency would have “a wide range of responsibilities,” including the investigation of statutory violations, assessment of penalties, and the “development of a wide range of new regulations,” such as “rules for correcting consumer personal data and determining whether businesses must carry out a review of their ability to protect data.” (Voter Guide, p. 68.) The uncodified purpose and intent section of Proposition 24 identified various principles that shall guide implementation of the Act. Of significance here, those principles include: (1) “The rights of consumers and the responsibilities of businesses should be implemented with the goal of strengthening consumer privacy while giving attention to the impact on business and innovation”; (2) “Businesses and consumers should be provided with clear guidance about their responsibilities and rights”; (4) “The law should . . . assist businesses with compliance with the continuing goal of strengthening consumer privacy”; (5) “The law should . . . promote efficiency of implementation for business provided that the amendments do not compromise or weaken consumer privacy”; and (7) “Businesses should be held accountable for violating the law through vigorous administrative and civil enforcement.” (Prop. 24, § 3(C).)
8 The Agency’s Final Implementing Regulations It is undisputed that the Agency did not adopt any final regulations by the July 1, 2022, date mandated by the Act. On July 8, 2022, the Agency published a notice of proposed rulemaking concerning the Act, announcing its intent to amend numerous regulations implementing the CCPA and repealing one of those regulations. The notice stated that the proposed regulations were “the most effective way to operationalize the [Act’s] amendments to the CCPA,” explaining that the regulations “primarily do three things: (1) update existing CCPA regulations to harmonize them with [the Act’s] amendments to the CCPA; (2) operationalize new rights and concepts introduced by the [Act] to provide clarity and specificity to implement the law; and (3) reorganize and consolidate requirements set forth in the law to make the regulations easier to follow and understand.”8 The notice further explained, among other things, that the proposed regulations set forth clear requirements for how covered businesses are to satisfy their obligations under the Act. On March 29, 2023--nine months after the July 1, 2022, statutory deadline had passed--the OAL approved the Agency’s proposed final regulations, including regulations concerning 12 of the 15 required subject matter areas set forth in the Act. (See Cal. Code Regs., tit. 11, § 7000 et seq.)9 In its notice of approval of regulatory
8 As the Agency recognized during the rulemaking process, it was delegated the authority to “fill up the details” of the statutory scheme through the promulgation of final regulations. (See Batt v. City and County of San Francisco (2010) 184 Cal.App.4th 163, 171 [describing authority of an agency vested with quasi-legislative power to adopt regulations implementing a statutory scheme].) 9 It is undisputed that the Agency’s proposed final regulations did not include regulations concerning the required subject matter areas of cybersecurity audits (§ 1798.185, subd. (a)(15)(A)), risk assessments (§ 1798.185, subd. (a)(15)(B)), and automated decisionmaking technology (§ 1798.185, subd. (a)(16)). The Agency has represented that it will not enforce the law in these areas until final regulations are adopted.
9 action, the OAL explained: “This proposed action provides comprehensive instructions and guidance to consumers, businesses, service providers, contractors, and third parties on how to implement and operationalize new consumer privacy rights endowed by the [Act].” Like the final regulations implementing the CCPA, the final regulations implementing the Act govern compliance with the CCPA (as amended and expanded by the Act), and any violation of those regulations constitutes a violation of the CCPA and is “subject to the remedies provided for therein.” (Cal. Code Regs., tit. 11, § 7000, subd. (b).) As for administrative enforcement, the OAL approved a regulation providing discretion to the Agency: “As part of the Agency’s decision to pursue investigations of possible or alleged violations of the CCPA, the Agency may consider all facts it determines to be relevant, including the amount of time between the effective date of the statutory or regulatory requirement(s) and the possible or alleged violation(s) of those requirements, and good-faith efforts to comply with those requirements.” (Cal. Code Regs., tit. 11, § 7301, subd. (b).) Petition for Writ of Mandate The day after the OAL approved the Agency’s proposed final regulations implementing the Act, real party in interest the California Chamber of Commerce (Chamber) filed a verified petition for writ of mandate and complaint for injunctive and declaratory relief under Code of Civil Procedure section 1085. Among other things, the Chamber sought an order requiring the Agency to promptly adopt final regulations concerning the remaining three required subject matter areas set forth in the Act, and an order tolling enforcement of the Act, including all final regulations, until one year after the date the Agency adopts a complete set of final regulations. The Chamber claimed that “[s]uch tolling [was] necessary to conform to the statutory requirement and voters’ intent that businesses receive a one-year grace period to update their systems and processes to comply with the new legal requirements.” The Chamber provided no explanation for
10 why it did not seek writ relief earlier, that is, why its writ petition was filed nine months after the Agency failed to meet the July 1, 2022, deadline for adopting final implementing regulations required under the Act. After a hearing in late June 2023, the trial court granted the Chamber’s writ petition in part and dismissed as moot the Chamber’s related requests for declaratory and injunctive relief. The court agreed with the Chamber that the Agency was required to adopt final regulations in each of the 15 subject matter areas delineated in the Act by the July 1, 2022, deadline, but had failed to do so. However, the court made no orders in that regard. The court also agreed with the Chamber that, in approving Proposition 24, the voters intended for (at least) a one-year delay between the adoption and the enforcement of those regulations (the period of time between the July 1, 2022, deadline for the adoption of final regulations and the July 1, 2023, effective date for enforcement authority). The court, however, disagreed with the Chamber that the one-year period should commence on the date the Agency adopted a complete set of final regulations. Instead, the court concluded that the Agency could begin enforcing any required regulation one year after it became final. Thus, under the court’s order, the final implementing regulations approved by the OAL on March 29, 2023, could not be enforced by the Agency until March 29, 2024. Finally, the court rejected the Agency’s prejudice argument, finding the Chamber was not required to show any prejudice from the Agency’s failure to adopt final implementing regulations by the statutory deadline (July 1, 2022) or from the Agency’s enforcement of those regulations beginning on July 1, 2023. In rejecting this argument, the court opined: “The Court’s finding that the Agency failed to timely pass final regulations as required by Section 1798.185 is sufficient to grant the Petition.” In granting the Chamber’s writ petition in part, the trial court “stayed” enforcement of any final implementing regulation required by the Act (§ 1798.185, subd. (a)) “for a period of 12 months from the date that individual regulation becomes final.”
11 The court further ordered that, “[c]onsistent with the plain language of Section 1798.185, subdivision (d), regulations previously passed pursuant to the CCPA will remain in full force and effect until superseding regulations passed by the Agency become enforceable in accordance with the Court’s Order.” The court, however, did not grant the Chamber’s request to compel the Agency to promptly adopt final regulations in the remaining three areas required by the Act.10 Entry of Judgment and Petition for Extraordinary Writ Relief In late July 2023, the trial court entered judgment in favor of the Chamber and against the Agency. In relevant part, the judgment stated: “Any and all final Agency regulations required by Civil Code § 1798.185(a), pursuant to Proposition 24 (2020), shall not be enforceable for a period of 12 months from the date that the individual regulation has become final through approval by the Office of Administrative Law (“OAL”) . . . . This stay of enforcement does not apply to regulatory amendments made after the individual regulation has become final through approval by OAL and expiration of the aforementioned 12-month period. Regulations previously promulgated pursuant to the 2018 California Consumer Privacy Act will remain in full force and effect until superseding regulations promulgated by the Agency become enforceable in accordance with this Judgment.” In early August 2023, the Agency filed a petition for extraordinary writ relief in the nature of mandamus, seeking reversal of the trial court’s order.11 We issued an order
10 The issue of whether the trial court erred in failing to grant this relief is not before us. To the extent respondent court previously declined to grant this relief in light of its decision that a delay in implementation must be imposed, nothing in this opinion precludes the court from reconsidering that issue. 11 Several weeks later, in late August 2023, the Agency filed an appeal from the judgment issued following the trial court’s order. (See California Chamber of Commerce v. California Privacy Protection Agency (C099326, app. pending).)
12 to show cause why the relief requested in the petition should not be granted and directed the Chamber to file a written return, which was filed in early October 2023. A reply brief was filed two weeks later, and the matter was assigned to this panel on October 31, 2023. The Agency did not request a stay of the trial court’s order after our issuance of the order to show cause; thus, the order has been in effect while this matter has been pending. DISCUSSION I Review by Extraordinary Writ The Agency argues, and we agree, that extraordinary writ review is appropriate. “Extraordinary writ review by way of a petition for writ of mandate is ordinarily available only if the petitioner has no adequate legal remedy. [Citations.] An immediate direct appeal is presumed to be an adequate legal remedy. [Citation.] Writ review is appropriate, however, if such an appeal would be inadequate or the issues presented are of great public importance and require prompt resolution.” (Henry M. Lee Law Corp. v. Superior Court (2012) 204 Cal.App.4th 1375, 1382-1383; see also Dhillon v. John Muir Health (2017) 2 Cal.5th 1109, 1119; JSM Tuscany, LLC v. Superior Court (2011) 193 Cal.App.4th 1222, 1235-1236; see Los Angeles City Ethics Com. v. Superior Court (1992) 8 Cal.App.4th 1287, 1299 [even though an appeal is available, review by extraordinary writ proper where the issue raised is substantial, the matter is one of widespread interest, and the issue is one that should be speedily resolved].) Writ review of an appealable order is also appropriate “where it is necessary to resolve an issue of first impression promptly and to set guidelines for bench and bar.” (Rodrigues v. Superior Court (2005) 127 Cal.App.4th 1027, 1032.) Here, it is undisputed that the judgment entered below was appealable. (Code Civ. Proc., § 904.1, subd. (a)(1).) Indeed, as noted ante, the Agency has appealed from it. (See California Chamber of Commerce v. California Privacy Protection Agency (C099326, app. pending).) However, writ review is appropriate under the circumstances
13 presented, as the timing of the Agency’s authority to enforce the changes to consumer privacy rights effected by the Act presents a novel issue of law that is of widespread interest and requires prompt resolution to establish the guidelines for the enforcement of the new consumer privacy rights and the changes to existing consumer privacy rights. As discussed, the trial court stayed enforcement of any final implementing regulation required by the Act until one year after that regulation becomes final. Thus, under the court’s order, the regulations adopted by the Agency on March 29, 2023, are not enforceable until March 29, 2024, for statutory violations occurring on or after that date. Further, the remaining regulations that were still pending at the time of the court’s order are facing delayed enforcement of one year beyond their adoption. According to the Agency, this ruling was incorrect as a matter of law, as the text of the Act provides that all final implementing regulations required by the Act are enforceable beginning on July 1, 2023. In other words, the Agency claims that it currently has the authority to enforce the final regulations adopted in March 2023. On this record, it is clear that review by extraordinary writ is proper. We next address the merits of the writ petition. II Interpreting the Relevant Provision of the Act The Agency argues the trial court erred in interpreting the Act as prohibiting it from enforcing any implementing regulation required by the Act until one year after that regulation becomes final. The Agency claims the court’s construction of the Act is erroneous in the absence of any clear, express statutory language requiring a one-year delay between its adoption of a required final regulation and its enforcement of that regulation. In support of its argument, the Agency asserts that the court’s order contravenes the plain language of the Act, which provides that the Act became effective on January 1, 2023, and the Agency was permitted to exercise its enforcement authority as of July 1, 2023.
14 A. Applicable Legal Principles and Standard of Review
1. Writ of Mandate A writ of mandate under Code of Civil Procedure section 108512 is a legal tool to compel a public agency to perform a legal, typically ministerial, duty. (Association of Deputy District Attorneys for Los Angeles County v. Gascón (2022) 79 Cal.App.5th 503, 528, review granted Aug. 31, 2022, S275478; Association of Irritated Residents v. San Joaquin Valley Unified Air Pollution Control Dist. (2008) 168 Cal.App.4th 535, 542.) A ministerial duty is an act that a public agency is required to perform in a prescribed manner under the mandate of legal authority without the exercise of judgment or opinion concerning the propriety of the act. (Los Angeles Waterkeeper v. State Water Resources Control Bd. (2023) 92 Cal.App.5th 230, 265-266.) “Put another way, a ministerial act is one ‘ “ ‘[w]here a statute or ordinance clearly defines the specific duties or course of conduct that a governing body must take,’ ” ’ thus ‘ “ ‘eliminat[ing] any element of discretion.’ ” ’ ” (Ibid.) To obtain a writ of mandate, “ ‘the petitioner must show there is no other plain, speedy, and adequate remedy; the respondent has a clear, present, and ministerial duty to act in a particular way; and the petitioner has a clear, present and beneficial right to performance of that duty.’ ” (James v. State of California (2014) 229 Cal.App.4th 130, 136 (James).) Where a public agency is required to act within a specified time period and it fails to do so, the time period may be enforced by a petition for writ of mandate. (State Comp. Ins. Fund v. Workers’ Comp. Appeals Bd. (2016) 248 Cal.App.4th 349, 370.)
12 Code of Civil Procedure section 1085 states in pertinent part: “A writ of mandate may be issued by any court to any inferior tribunal, corporation, board, or person, to compel the performance of an act which the law specially enjoins, as a duty resulting from an office, trust, or station.”
15 “ ‘In reviewing a judgment granting a writ of mandate, we apply the substantial evidence standard of review to the court’s factual findings, but independently review its findings on legal issues. [Citation.]’ [Citation.] ‘Where, as here, the facts are undisputed and the issue involves statutory interpretation, we exercise our independent judgment and review the matter de novo.’ ” (James, supra, 229 Cal.App.4th at p. 136; see also CV Amalgamated LLC v. City of Chula Vista (2022) 82 Cal.App.5th 265, 280.) 2. Voter-Enacted Statutes Under California law, the Secretary of State must prepare a voter information guide when voters are considering a new statute at the ballot box. The guide must include, among other things, a complete copy of the proposed measure, the official summary prepared by the Attorney General, arguments and rebuttals for and against, and an analysis prepared by the Legislative Analyst. (Elec. Code, §§ 9081, 9084, subds. (a)- (d), 9086, subds. (a), (b).) The Legislative Analyst must provide an “impartial analysis of the measure” (id. § 9087, subd. (a)) that is “easily understood by the average voter” (id., subd. (b)). The analysis “may contain background information, including the effect of the measure on existing law and the effect of enacted legislation which will become effective if the measure is adopted, and shall generally set forth in an impartial manner the information the average voter needs to adequately understand the measure.” (Ibid.) The measure’s official proponents and opponents may use their designated space in the voter information guide to supply an argument addressing a perceived failure by the Legislative Analyst as to an effect of the measure. (See id. §§ 9064, 9069.) When, as here, an appellate court is asked to interpret the meaning of a voter- enacted statute, our fundamental task is to ascertain the voters’ intent in order to effectuate the purpose of the law. (People v. Johnson (2015) 61 Cal.4th 674, 682.) “To interpret a statute enacted by initiative, we apply the same principles we apply to interpret statutes enacted by the Legislature. ‘We first consider the initiative’s language, giving the words their ordinary meaning and construing [them] in the context of the statute and
16 initiative as a whole. If the language is not ambiguous, [then] we presume the voters intended the meaning apparent from that language, and we may not add to the statute or rewrite it to conform to some assumed intent not apparent from that language. If the language is ambiguous, [then we] may consider ballot summaries and arguments in determining the voters’ intent and understanding of [the] ballot measure.’ ” (B.B. v. County of Los Angeles (2020) 10 Cal.5th 1, 9; see People v. Morales (2016) 63 Cal.4th 399, 406 [“ ‘ “When the language is ambiguous, ‘we refer to other indicia of the voters’ intent, particularly the analyses and arguments contained in the official ballot pamphlet’ ” ’ ”].) If the language used in the voter-enacted statute is clear and unambiguous, there is no need for construction, and it is not necessary to resort to indicia of the intent of the voters. (People v. Valencia (2017) 3 Cal.5th 347, 357.) In giving the language used in a statute its ordinary meaning, we generally must accord significance, if possible, to every word, phrase, and sentence in pursuance of the law’s purpose, and avoid a construction that makes some words surplusage. (Ibid.) To determine the scope and purpose of the provision we are interpreting, we look to the entire substance of the voter-enacted statute, that is, we construe the words in question in context, keeping in mind the nature and purpose of the statute. We must harmonize the various parts of a statutory enactment by considering the particular clause or section in the context of the statutory framework as a whole. (People v. Lewis (2021) 11 Cal.5th 952, 961.) The statements of purpose and intent in an uncodified section of an initiative measure may properly be utilized as an aid in construing the measure, but they do not confer power, determine rights, or enlarge the scope of the measure. (People v. Guzman (2005) 35 Cal.4th 577, 588; People v. Lamoureux (2019) 42 Cal.App.5th 241, 266.)
17 B. Analysis We begin our analysis by setting forth the relevant language of the Act at the heart of this writ proceeding:
“[T]he timeline for adopting final regulations required by the act adding this subdivision shall be July 1, 2022. . . . Notwithstanding any other law, civil and administrative enforcement of the provisions of law added or amended by this act shall not commence until July 1, 2023, and shall only apply to violations occurring on or after that date. Enforcement of provisions of law contained in the California Consumer Privacy Act of 2018 amended by this act shall remain in effect and shall be enforceable until the same provisions of this act become enforceable.” (§ 1798.185, subd. (d).) There is no dispute that the Agency failed to comply with the express terms of this provision, which clearly and unequivocally imposed a mandatory duty on the Agency to adopt final regulations required by the Act on or before July 1, 2022. (See In re Luis B. (2006) 142 Cal.App.4th 1117, 1123 [use of the mandatory language “shall” indicates an intent to impose a mandatory duty]; County of Los Angeles v. Superior Court (2002) 102 Cal.App.4th 627, 639 [“An enactment creates a mandatory duty if it requires a public agency to take a particular action”].) But compliance was sought by the Chamber only after the Agency had adopted final regulations in 12 of the required 15 areas, nine months after the deadline had passed. And the trial court did not make any orders enforcing that provision. Instead, the trial court directed its remedy to the Chamber’s challenge to the ongoing validity of the July 1, 2023, enforcement date--a challenge derived from the Agency’s delay in adopting the final regulations. The Chamber sought an order staying enforcement of the Act and its implementing regulations until one year after the Agency adopted a complete set of final regulations required by the Act. As we noted ante, the trial court invalidated the July 1, 2023, enforcement date and ruled the Agency could not enforce any required regulation until one year after that regulation became final. The
18 court opined that its “finding that the Agency failed to timely pass final regulations as required by Section 1798.185 is sufficient to grant the Petition.” We are called upon to decide whether the trial court’s remedy for the Agency’s failure to timely adopt final regulations in compliance with the Act was permissible writ relief and, in so deciding, whether the trial court correctly interpreted the Act. The effect of the chosen remedy was to disregard the Act’s unambiguous provision setting forth a July 1, 2023, date for the commencement of enforcement, and to substitute an enforcement schedule (i.e., a one-year gap regardless of the enforcement date) that was not set forth in the Act. The Chamber argues that the presence of a one-year gap between adoption (i.e., approval) of final regulations and enforcement is unambiguously dictated by the statutory language at issue here. The Agency counters that the Act is not properly interpreted as requiring a one-year delay between the Agency’s approval of a final regulation required by the Act and the Agency’s authority to enforce that regulation. We agree with the latter view. The statute does not unambiguously require a one-year gap between approval and enforcement regardless of when the approval occurs, and nothing in the relevant material presented for our review signals that the voters intended such a gap. Because the Agency did not have “clear, present, and ministerial duty” to delay enforcement of its final regulations for a year after their approval, and the Chamber did not have “a clear, present and beneficial right” to the delay in enforcement that it sought (and obtained), the writ should not have been issued. (See James, supra, 229 Cal.App.4th at p. 136.) Although the specific statutory provision at issue here includes what amounts to a one-year delay between the deadline for the Agency to approve final regulations required by the Act (July 1, 2022) and the Agency’s authority to enforce the Act (July 1, 2023), there is no clear, unequivocal language mandating a one-year delay between approval and enforcement. The Chamber has not pointed to, and we have not found, any language in the Act convincing us that the proper remedy for the Agency’s failure to timely approve
19 final regulations (i.e., comply with the July 1, 2022, deadline) is to disregard the July 1, 2023, enforcement date explicitly set forth in the statute and stay enforcement of any untimely regulation until one year after that regulation becomes final. There is no express statutory language prescribing such a consequence. Had the drafters of the measure and the voters intended to achieve the result advocated by the Chamber and adopted by the trial court, they could have easily done so. At most, the Act is ambiguous on this point. As the Agency correctly notes, there is no express language “linking enforcement [of the Act] with the promulgation of regulations.” Further, nothing in the Voter Guide supports the conclusion that the voters contemplated a one-year delay in enforcement connected to the approval of final regulations. The guide is silent as to the purpose of the one-year gap between the July 1, 2022, and July 1, 2023, dates. Thus, while the one-year gap could have been included to allow covered businesses to adjust to the new rules and to prepare to comply with them, as the Chamber argues, the gap also could have been included to provide the newly formed Agency with sufficient time to prepare to enforce the new rules, including hiring staff, establishing internal procedures for investigating and processing reported violations, and helping businesses to understand their new responsibilities and obligations. Or there could be other reasons for the gap. Finally, there is nothing in the relevant materials other than the July dates themselves to indicate that any gap between approval and enforcement was intentionally set at one year for any specific reason, let alone that the gap needed to remain at one year regardless of when the approval occurred. The Chamber’s argument that such a gap must be inferred here is belied by the fact there are other tools available to protect the interests it has identified. As one example noted above, the Agency itself has included a regulation that in deciding whether to pursue an investigation it will consider “all facts it determines to be relevant, including the amount of time between the effective date of the statutory or regulatory requirement(s) and the possible or alleged violation(s) of those requirements, and good-
20 faith efforts to comply with those requirements.” (Cal. Code Regs., tit. 11, § 7301, subd. (b).) The text of Proposition 24 makes clear that, in approving the initiative measure, the voters intended to strengthen and protect consumers’ privacy rights regarding the collection and use (including sale) of their personal information. (Prop. 24, §§ 2-4.) It is also evident from the text of the measure that the voters intended for the Agency to “vigorously enforce the law against businesses that violate consumers’ privacy rights.” (Id., § 2(L); see also id., § 3(C)(7) [“Businesses should be held accountable for violating the law through vigorous administrative and civil enforcement”].) However, it is equally clear from the language of the measure that the voters intended for the Agency to “ensure that businesses and consumers are well-informed about their rights and obligations” (id., § 2(L)), that the responsibilities of businesses should be implemented with the goal of “giving attention to the impact on business and innovation,” that businesses and consumers “should be provided with clear guidance about their responsibilities and rights,” and that the law should “assist businesses with compliance with the continuing goal of strengthening consumer privacy” (id., § 3(C)(1), (C)(2) & (C)(4)). In any event, because there is no “explicit and forceful language” mandating that the Agency is prohibited from enforcing the Act until (at least) one year after the Agency approves final regulations, the trial court erred in concluding otherwise. (See In re Dohner (2022) 79 Cal.App.5th 590, 598 [“ ‘To construe a statute . . . as imposing a mandatory duty on a public entity, “the mandatory nature of the duty must be phrased in explicit and forceful language” ’ ”].) The Chamber was simply not entitled to the relief granted by the trial court. Accordingly, we will grant the Agency’s petition for
21 extraordinary writ relief and allow the trial court to consider any remaining issues concerning the propriety of compelling more prompt development of regulations.13 DISPOSITION Let a peremptory writ of mandate issue directing the trial court to: (1) vacate its order and judgment granting the Chamber’s verified petition for writ of mandate in part and staying the Agency’s regulations “for a period of 12 months from the date that [each] individual regulation becomes final”; and (2) enter a new order denying such relief and otherwise considering any non-moot issue concerning the propriety of compelling more prompt development of regulations. Assuming no such issue remains, the superior court shall otherwise enter judgment in favor of the Agency and against the Chamber. This opinion is made final as to this court immediately upon filing. (See Cal. Rules of Court, rule 8.490(b)(2)(A).) The Agency shall recover its costs in this writ proceeding. (Cal. Rules of Court, rule 8.493(a).)
/s/ Duarte, J.
We concur:
/s/ Robie, Acting P.J.
/s/ Boulware Eurie, J.
13 In light of our resolution of this matter as set forth above, we need not and do not consider the other arguments raised by the Agency. Given our Disposition of this case, we deny as moot petitioners’ request for finality upon issuance.