The California Consumer Privacy Act, substantially amended by the California Privacy Rights Act (CPRA) effective January 1, 2023, is the most comprehensive state-level privacy law in the United States. It grants California residents specific rights over their personal information and imposes obligations on businesses that collect, sell, or share that data.
Key consumer rights include the right to know what personal information is collected and how it is used, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate information, and the right to limit use of sensitive personal information. CPRA introduced the concept of "sensitive personal information" as a distinct category with additional protections.
The CPRA also established the California Privacy Protection Agency (CPPA) as a dedicated enforcement body, replacing the California Attorney General as the primary enforcer. Penalties can reach $2,500 per unintentional violation and $7,500 per intentional violation, with no cap on aggregate penalties. Private right of action exists for data breaches involving unencrypted personal information.
Get alerted when platforms change their policies — including CCPA/CPRA-relevant provisions.
Subscribe to Watcher — $9.99/mo