In the U.S., the California Consumer Privacy Act (the CCPA) went into effect on January 1, 2020 and accompanying regulations were issued by the California Office of the Attorney General in June 2020. Among other things, the CCPA requires covered companies to provide new disclosures to California consumers and afford such consumers new abilities to access and delete their personal information, and to opt-out of certain sales of personal information. On November 3, 2020, California voters approved the California Privacy Rights and Enforcement Act (the CPRA), which is expected to go into effect on January 1, 2023. The CPRA significantly modifies the CCPA and further aligns California privacy laws with the GDPR.
Similar legislation has been proposed or adopted in other states. On March 2, 2021, Virginia enacted the Virginia Consumer Data Protection Act, a comprehensive privacy statute that becomes effective on January 1, 2023 and shares similarities with the CCPA, CPRA, and legislation proposed in other states. Colorado enacted the similar Colorado Privacy Act on June 8, 2021, which will become effective July 1, 2023. Aspects of the CCPA, the CPRA and these other state laws and regulations, as well as their enforcement, remain unclear.
We will need to closely monitor developments, including enforcement actions or private litigation under the GDPR, CCPA, CPRA, and other laws to determine whether we will need to modify our data processing practices and policies, which may result in us incurring additional costs and expenses in an effort to comply.
We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection, and information security, and may be subject to other actual or asserted obligations, including industry standards, relating to privacy, data protection, and information security. We strive to comply with applicable laws, regulations, policies, and other legal obligations relating to privacy, data protection, and information security to the extent possible. However, the regulatory frameworks for privacy, data protection, and information security worldwide are evolving rapidly, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices.
Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to subscribers or other third parties, applicable laws or regulations, or any of our other legal obligations could materially adversely affect our business.
Additionally, if third parties we work with, such as sub-processors, vendors, or developers, violate applicable laws or regulations, contractual obligations, or our policies - or if it is perceived that such violations have occurred - such actual or perceived violations may also have an adverse effect on our business. Further, any significant change to applicable laws, regulations, or industry practices regarding the collection, use, retention, security, disclosure, or other processing of data, or regarding the manner in which the express or implied consent of users for the collection, use, retention, disclosure, or other processing of data is obtained, could increase our costs and require us to modify our business practices.
Risks Related to Our Reliance on Third Parties
We rely on partners and third-party service providers and if such third parties do not perform adequately or terminate their relationships, our costs may increase and our business, financial condition and results of operations could be adversely affected.
Our success depends in part on our relationships with our partners and third-party service providers. For example, we use third-parties to provide housekeeping services and maintain our subscription platform. If any of our third-party providers terminates their relationship with us or refuses to renew their agreement with us on commercially reasonable terms, we would need to find alternate providers and may not be able to secure similar terms or replace such providers in acceptable time frames. Moreover, we are limited by exclusivity terms and other restrictions with certain third-party service providers which may limit our ability to enter into relationships with new or alternative third-party service providers.
Our relationships with our partners continue to shift as industry dynamics change, and our partners may be less willing to partner with us as such shifts occur. If any significant partner decided to compete with us, it could adversely impact our sales and harm our business, operating results, and prospects.
Furthermore, any negative publicity related to any of our third-party partners, including any publicity related to quality standards or safety concerns, could adversely affect our reputation and brand, and could potentially lead to increased regulatory or litigation exposure.