What is CPRA? California Privacy Rights Act?
The California Privacy Rights Act (CPRA) is a state-wide data privacy bill passed into law in the General Election 2020. CPRA is expanding the existing CCPA, which is a stronger more GDPR like privacy law compared with CCPA.
CPRA expands the requirement for consent to cover more scenarios compared to CCPA. CPRA updated the opt-out right to specifically regulate personalized advertising and its use of personal information.
CPRA requires more controls and more function buttons compared with CCPA: "Do Not Share My Personal Information", "Limit the Use of My Sensitive Personal Information", "Correct My Information".
What is the enforcement date of the California Privacy Rights Act (CPRA)?
The California Privacy Rights Act (CPRA) passed on November 3, 2020.
The California Privacy Rights Act (CPRA) takes effect on January 1, 2023 and becomes fully enforceable on July 1, 2023, lookback period to January 1, 2022. You still have time to compliant with California Privacy Rights Act (CPRA).
The California Privacy Rights Act (CPRA) Summary and Consent
- Consent needed for the selling or sharing personal information after a user has already opted out.
- Consent needed when selling or sharing the personal information of minors.
- Consent needed for secondary use, selling or sharing of sensitive personal information after a user has opted out
- Consent needed for research exemptions
- Consent needed to opt-in to a financial incentive
The California Privacy Rights Act (CPRA) Timeline
- January 1, 2021: California Privacy Rights Act (CPRA) goes into law and the California Privacy Protection Agency (CPPA) is established.
- July 1, 2021: process for formulating and adopting CPRA regulations begin.
- January 1, 2022: PI collection becomes liable under the CPRA’s one-year lookback period.
- July 1, 2022: deadline for final CPRA regulations to be adopted by the California Privacy Protection Agency.
- January 1, 2023: CPRA enters into full force.
- July 1, 2023: Enforcement of the CPRA begins under the California Privacy Protection Agency.
CPRA applies to The following Businesses
For-profit businesses that collect personal information from California residents determine the purposes in California and meet any of the following:
- Has an annual gross revenue exceeding $25 million
- Derives 50% or more of its annual revenues from selling or sharing consumers’ personal information
- Buys, sells or shares the personal information of more than 100,000 consumers or households per year
CPRA Consumer Rights
- Right to correction
- Right to know about automated decision making
- Right to opt-out of automated decision making
- Right to limit the use of sensitive personal information (PI)
- Right to delete
- Rights of minors
- Right to data portability
CPRA fines for non-compliance
Automatic $7,500 fine for a violation involving the personal information of minors.
CCPA vs CPRA
The California Consumer Privacy Act (CCPA) entered into effect on January 1, 2020; The California Privacy Rights Act (CPRA) is a replacement of CCPA to be a more GDPR like law and will begin enforcing the CPRA from July 1, 2023.
CPRA replaces the CCPA's Do Not Sell button with Do Not Sell Or Share My Personal Information, added share; added Limit The Use Of My Sensitive Personal Information.
UniConsent CMP has the built-in UI, integration and GDPR-like features for CPRA compliant.
What is the California Privacy Protection Agency (CPPA)?
California will have a data protection authority like GDPR's national DPA that supervise and enforce the EU’s data privacy laws.
How to compliant with the California Privacy Rights Act (CPRA)?
Use a consent management platform like UniConsent to offer consumers full control of data collection, opt-out features, manage the preferences communication for CPRA compliance together with GDPR.