Cal. Civ. Code § 1798.100 et seq.

California Consumer Privacy Act (as amended by CPRA)

Statute — California, USA

Effective: January 1, 2020 100 platforms tracked 1276 provisions indexed Enforced by: California Privacy Protection Agency (CPPA), California Attorney General Last reviewed Apr 22, 2026

Overview

The California Consumer Privacy Act, substantially amended by the California Privacy Rights Act (CPRA) effective January 1, 2023, is the most comprehensive state-level privacy law in the United States. It grants California residents specific rights over their personal information and imposes obligations on businesses that collect, sell, or share that data.

Key consumer rights include the right to know what personal information is collected and how it is used, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate information, and the right to limit use of sensitive personal information. CPRA introduced the concept of "sensitive personal information" as a distinct category with additional protections.

The CPRA also established the California Privacy Protection Agency (CPPA) as a dedicated enforcement body, replacing the California Attorney General as the primary enforcer. Penalties can reach $2,500 per unintentional violation and $7,500 per intentional violation, with no cap on aggregate penalties. Private right of action exists for data breaches involving unencrypted personal information.

Penalties

$2,500 per unintentional violation. $7,500 per intentional violation. No aggregate cap. Private right of action for data breaches: $100-$750 per consumer per incident in statutory damages.

Key Articles & Sections

§ 1798.100 Right to Know

Consumers have the right to know what personal information is collected, used, disclosed, and sold.
Read full text →
§ 1798.105 Right to Delete

Consumers can request deletion of personal information collected from them, with specified exceptions.
Read full text →
§ 1798.106 Right to Correct

Consumers can request correction of inaccurate personal information. Added by CPRA.
Read full text →
§ 1798.120 Right to Opt Out of Sale/Sharing

Consumers can direct businesses not to sell or share their personal information. CPRA expanded this to include cross-context behavioral advertising.
Read full text →
§ 1798.121 Right to Limit Use of Sensitive PI

Consumers can limit use of sensitive personal information to what is necessary for performing services. Added by CPRA.
Read full text →
§ 1798.135 Do Not Sell or Share Link

Businesses must provide a clear "Do Not Sell or Share My Personal Information" link on their homepage.
Read full text →
§ 1798.150 Private Right of Action

Consumers can sue for statutory damages of $100-$750 per incident for data breaches involving unencrypted personal information.
Read full text →

Platforms We Track Subject to CCPA/CPRA

11 relevant provisions

0 relevant provisions

0 relevant provisions

11 relevant provisions

0 relevant provisions

0 relevant provisions

0 relevant provisions

34 relevant provisions

0 relevant provisions

31 relevant provisions

34 relevant provisions

0 relevant provisions

5 relevant provisions

Bank of America

6 relevant provisions

8 relevant provisions

8 relevant provisions

8 relevant provisions

0 relevant provisions

11 relevant provisions

11 relevant provisions

0 relevant provisions

7 relevant provisions

11 relevant provisions

6 relevant provisions

10 relevant provisions

0 relevant provisions

0 relevant provisions

35 relevant provisions

11 relevant provisions

0 relevant provisions

Showing 30 of 100 platforms. View all platforms →

Recent Changes Related to CCPA/CPRA

Apr 20, 2026 Canva Low

Canva updated their Privacy Policy on April 20, 2026, with a minor navigation change adding 'Template library' to the product menu in the page header. The actual privacy policy text itself does not a…
View change record →
Apr 20, 2026 Canva Low

Canva updated their Terms of Use on April 20, 2026. The change adds 'Template library' as a listed item in their product navigation menu. This is a minor cosmetic update to the document's navigation …
View change record →
Apr 20, 2026 Udemy Low

Udemy replaced the welcoming introductory text on their legal terms and resource center page with a 'page not found' error message. Previously, the page greeted visitors with a friendly description o…
View change record →
Apr 20, 2026 Reddit Low

Reddit's privacy policy page was detected as changed on April 20, 2026, but the actual difference is limited to an internal JavaScript challenge token used for bot verification — not any substantive …
View change record →
Apr 20, 2026 Chime Medium

Chime updated the Bancorp Bank privacy notice on April 20, 2026, reverting it to an older 2017 version from the 2025 version. A key change is that The Bancorp now states it does NOT engage in joint m…
View change record →
Apr 19, 2026 Waze Medium

Waze updated its privacy policy on April 19, 2026, removing several sections about social network integration and a 'find friends' feature that previously explained how Waze collected phone contacts …
View change record →
Apr 19, 2026 Waze Low

On April 19, 2026, Waze updated its Terms of Use by adding foundational language that formally identifies Waze Mobile Ltd. (an Israeli company with Google affiliates) as the service provider and clar…
View change record →
Apr 19, 2026 Gusto Low

On April 19, 2026, Gusto updated their privacy policy by adding two new documents to their terms library — 'EIN Application Service Supplemental Terms' and 'Gusto Powered Practices Contest Official R…
View change record →
Apr 19, 2026 eBay Low

eBay made a minor update to their User Agreement on April 19, 2026, removing the word 'Breadcrumb' from the navigation label at the top of the page. This is a cosmetic change to the page's breadcrumb…
View change record →
Apr 19, 2026 Skillshare Low

Skillshare updated their privacy policy on April 19, 2026, changing the 'Last Updated' date display from a specific date ('September 16, 2024') to a relative timestamp ('1 year ago'). This means user…
View change record →

Related Regulations

Official Source

View official regulation text →

Get alerted when platforms change their policies — including CCPA/CPRA-relevant provisions.

Subscribe to Watcher — $9.99/mo