California Privacy Rights Act (CPRA) Overview: What’s New from CCPA?

Map of CA with check mark

Who Is Covered?

Any business that:

Has $25+ million in annual revenue

Buys, sells or shares PI of 100,000+ consumers or households

Derives at least 50% of annual revenue from selling or sharing consumer PI.

Additional Consumer Rights

  • Right to Limit Use and Disclosure of Sensitive PI
  • Right to Correction
  • Right to Access Information About Automated Decision Making
  • Right to Opt Out of Automated Decision Making Technology
  • Right to Restrict Sensitive PI
  • Audit Obligations

California Privacy Protection Agency

A new Agency partially funded from the collection of fines


CPRA affirmatively defines ‘sale’ of data as ‘share’


consumers have to be able to opt out of retargeting

CPRA limits data collection, use, retention, and sharing of personal information to what is “reasonably necessary” to achieve the specified purposes

document icon

Companies are now required to submit a Risk Assessment Report to the California Privacy Protection Agency on a regular basis

CPRA goes into effect
January 1, 2023
with a look back from January 1, 2022


Learn more about CPRA

Solutions for any stage of your privacy journey

     Contact Us

(202) 850-0842

Submit a Question

Access Our Developer Portal