Home

CPRA

CPRA stands for the California Privacy Rights Act, a California ballot measure enacted as Proposition 24 in 2020 that amends and expands the California Consumer Privacy Act (CCPA). The CPRA broadens consumer privacy protections, creates a dedicated regulator, and adds new duties for covered businesses. It introduces a new enforcement entity, the California Privacy Protection Agency (CPPA), and expands the scope of data protections and processing rules in California.

A central feature of CPRA is the creation of a new category called sensitive personal data, which

CPRA also expands consumer rights. In addition to existing rights to know, delete, and opt out of

The act imposes new duties on businesses, such as data minimization, retention limits, and heightened security

Overall, CPRA represents a significant expansion of California’s privacy framework, influencing how organizations collect, process, and

includes
examples
such
as
precise
geolocation,
government-issued
identifiers,
financial
and
health
information,
biometric
data,
genetic
data,
and
data
about
an
individual’s
sex
life
or
sexual
orientation.
Processing
of
sensitive
data
generally
requires
additional
safeguards,
including
opt-in
consent
in
many
cases,
and
stricter
limitations
on
its
use
and
disclosure.
the
sale
or
sharing
of
personal
information,
CPRA
adds
the
right
to
correct
inaccurate
personal
information
and
the
right
to
limit
the
use
and
disclosure
of
sensitive
personal
data.
It
preserves
and
clarifies
the
privacy
rights
established
by
the
CCPA,
including
data
access
and
portability,
subject
to
the
new
limitations
and
thresholds.
measures.
It
establishes
requirements
for
contracts
with
service
providers
and
contractors
to
prevent
improper
use
or
sale
of
data.
CPRA
also
introduces
a
cure
period
for
certain
violations
and
assigns
enforcement
to
the
CPPA,
with
penalties
for
noncompliance.
protect
personal
information
in
the
state.