Global Regulations
The California Consumer Privacy Act (CCPA), signed into law on June 28, 2018, creates an array of consumer privacy rights and business obligations regarding the collection and sale of personal information. The CCPA went into effect Jan. 1, 2020. The California Privacy Rights Act (CPRA), also known as Proposition 24, was a ballot measure approved by California voters on Nov. 3, 2020. It significantly amended and expanded the CCPA, and it is sometimes referred to as “CCPA 2.0.” CPRA became operative on January 1, 2023.
Name: California Consumer Privacy Act / California Privacy Rights Act
Short Name: CCPA / CPRA
Effective Date: January 1, 2023
Region | State : CA, US
(CCPA) is applicable to a wide range of industries that collect and process personal information of California residents, here are some of the types of industries that CCPA can applies to Technology & Online Services, Retail and E-commerce, Financial Services, Healthcare, Marketing and Advertising, Education, Manufacturing and Consumer Goods, Automotive, Professional Services.
The CCPA and CPRA grant consumers several rights related to their personal information. Here’s a breakdown of these rights:
1. Right to Be Informed
Description: You have the right to be informed about the type of personal information collected and processed about you and your rights to opt-out.
• Also Referred As: Right to Notice
• Legal Reference: Cal. Civ Code 1798.130 (a) (5)
2. Right to Access Personal Information
Description: You may request that businesses disclose what personal information they have collected, used, shared, or sold about you, and why. Businesses must provide this information free of charge for the 12 months preceding your request.
• Also Referred As: Right to Access
• Legal References:Cal. Civ Code 1798.100(a) | Cal. Civ Code 1798.110 | Cal. Civ Code 1798.115
3. Right to Delete Personal Information
Description: You can request that businesses delete personal information they collected from you, with exceptions. Businesses must respond within 45 calendar days (extendable to 90 days).
• Also Referred As: Right to Delete
• Legal Reference: Cal. Civ Code 1798.105
4. Right to Correct Inaccurate Personal Information
Description: Consumers can request corrections to inaccurate personal information held by businesses.
• Also Referred As: Right to Rectification
• Legal Reference: Cal. Civ Code 1798.106
5. Right to Opt-Out of Sale or Sharing of Personal Information
Description: Consumers can request that businesses stop selling or sharing their personal information, particularly for cross-context behavioral advertising.
• Also Referred As: Opt-Out of Sale
• Legal Reference: Cal. Civ Code 1798.120
6. Right to Opt-Out of Sharing of Personal Information
Description: Similar to the above, but specifically for targeted ads and profiling.
• Also Referred As: Opt-Out of Targeted Ads / Opt-Out of Profiling
• Legal Reference: Cal. Civ Code 1798.120
7. Right to Know
Description: Consumers can request that businesses disclose:
• The categories of personal information collected.
• The categories of personal information sold or shared.
• The categories of third parties involved.
• Also Referred As: Right to Know
• Legal Reference: Cal. Civ Code 1798.115
8. Right to Limit Use and Disclosure of Sensitive Personal Information
Description: Consumers can direct businesses to limit the use of sensitive personal information to purposes necessary for the requested goods or services.
• Also Referred As: Right to Opt-Out for Sensitive Data Processing
• Legal Reference: Cal. Civ Code1798.121
9. Right of No Retaliation Following Opt-Out or Exercise of Other Rights
Description: Businesses cannot retaliate against consumers for exercising their rights under the CCPA, such as denying goods or services or charging different prices.
• Also Referred As: Right to Non-Discrimination
• Legal Reference: Cal. Civ Code 1798.125
10. Right to Private Action
Description: Individuals have the right to initiate private legal action against businesses under specific circumstances.
• Also Referred As: Right to Private Action
• Legal Reference: Cal. Civ. Code § 1798.150
1. Notice of Consumer Rights
Reference: Sections 1798.100(a), 1798.100(b), 1798.130(a), and 1798.135
2. Purpose Limitation
Reference: Sections 1798.100(b), 1798.100(c)
3. Data Minimization
Reference: Sections 1798.100(c) and 1798.100(a)(d)
4. Security Requirements
Reference: Sections 1798.150(a), 1798.100(e), and 1798.150(a)
5. Processor/Service Provider Requirements
Reference: Sections 1798.140(v), 1798.100(d), and 1798.140(ag)(1)
6. Record Keeping
Reference: Section 999.317
7. Risk Impact Assessment
Reference: Section 1798.185(a)(15)
8. Breach Notification
9. Registration with Authorities
10. Data Processing Officer
Reference: Designated personnel
11. International Data Transfer Restrictions
12. Global Privacy Controls
Although the text of the California Privacy Rights Act (CPRA) suggests that responding to the Global Privacy Control (GPC) will be optional in 2023, the California Attorney General now requires companies to respond to GPC signals.
