There are a couple of things.
I think the first aspect is that the idea of asking the organization to explain what they are doing on the privacy side is very similar to the GDPR, to what we are seeing at the moment. I think it's positive in itself.
The second aspect is that there are some interesting legal bases and ways of making legal the processing of personal information, and I will give the example of legitimate business exemptions. Unfortunately, I want to say that they don't go as far as the GDPR does, and I think this is something that should be considered, at the very least.
The third aspect—and I think it's important—is that the CPPA places privacy as a cornerstone for society, very similarly to the GDPR. I want to be clear that the GDPR has been a shock in Europe in itself. Everyone knew about it. It was an earthquake. I tend to think that the CPPA in its current version, with some improvements, could have the same effect, potentially pushing the organizations to do even more on the privacy side, relying on what they've been doing.
I think those are the elements that are common between the two regimes.