The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in 2020. It aims to strengthen and expand the privacy rights of California residents, and applies to businesses that collect and process the personal data of California residents.
One of the key provisions of the CPRA is the creation of a new California Privacy Protection Agency (CPPA), which is responsible for enforcing the law and protecting the privacy rights of California residents. The CPPA has the power to issue fines and penalties for violations of the CPRA, and can also take legal action against companies that fail to comply with the law.
Under the CPRA, California residents have expanded rights to control their personal data. This includes the right to request that a business disclose the personal data it has collected about them, the right to request that their personal data be deleted, and the right to opt out of the sale of their personal data. Businesses are required to provide clear and conspicuous notice to California residents about their privacy rights, and to obtain explicit consent before collecting and processing sensitive personal data.
In addition to these provisions, the CPRA also includes new requirements for businesses that handle the personal data of California residents. This includes the requirement to implement reasonable security measures to protect personal data, and to report data breaches to the CPPA and affected individuals in a timely manner.
The California Privacy Rights Act is a significant expansion of privacy rights for California residents. It creates a new agency to enforce the law, expands the rights of California residents to control their personal data, and imposes new requirements on businesses that collect and process personal data.