The California Privacy Rights Act – what it means for consumers and businesses
It will be enforceable from 1 July 2023 and builds on the California Consumer Privacy Act (CCPA), providing additional privacy rights and protections for California residents. The CPRA expands and strengthens the privacy protections of the CPPA.
The implications of CPRA are significant for businesses and consumers alike. We have set out below some of the key implications of CPRA:
CPRA expands the rights of California residents to control their personal information, including the right to correct inaccurate information, the right to limit the use of sensitive information and the right to opt-out of the sale or sharing of their personal information.
While CPRA applies specifically to California residents, its impact will be felt by businesses outside of California that collect personal information from California residents. This is because CPRA requires businesses to extend the same privacy rights to California residents, regardless of where the business is located.
CPRA expands the definition of information to include new categories such as precise geolocation data, race, ethnicity and health information.
The CPRA introduces new requirements for businesses to limit the retention of consumers’ personal information. Businesses must inform consumers about the length of time they intend to retain personal data and must not retain it for longer than necessary.
How Waystone Compliance Solutions can help
Overall, the implications of CPRA are complex and far-reaching, as it enhances privacy protections for consumers and increases the obligations and potential liability for businesses.
For more information on how cyber and data protection team can help you navigate through the CPRA ahead of its enforcement date, please contact us.
CCPA v CPRA comparison chart
The CCPA v CPRA comparison chart highlights the evolution of privacy regulations in California. While the CCPA introduced privacy rights and obligations, the CPRA further enhances consumer privacy protections, expands rights, and establishes a comprehensive data protection framework in the state.