The California Consumer Privacy Act, substantially amended by the California Privacy Rights Act (CPRA) effective January 1, 2023, is the most comprehensive state-level privacy law in the United States. It grants California residents specific rights over their personal information and imposes obligations on businesses that collect, sell, or share that data.
Key consumer rights include the right to know what personal information is collected and how it is used, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate information, and the right to limit use of sensitive personal information. CPRA introduced the concept of "sensitive personal information" as a distinct category with additional protections.
The CPRA also established the California Privacy Protection Agency (CPPA) as a dedicated enforcement body, replacing the California Attorney General as the primary enforcer. Penalties can reach $2,500 per unintentional violation and $7,500 per intentional violation, with no cap on aggregate penalties. Private right of action exists for data breaches involving unencrypted personal information.
ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology
Showing 30 of 6207 provisions. View all →
Get alerted when platforms change their policies — including CCPA/CPRA-relevant provisions.
Subscribe to Monitor — $19/moConductAtlas tracks CCPA/CPRA-relevant provisions across 100 platforms. Each platform's specific provisions are classified by severity and mapped to CCPA/CPRA requirements.
ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect CCPA/CPRA obligations. Every change is archived with cryptographic verification.