The California Privacy Rights Act (CPRA), passed through Proposition 24 in November 2020, significantly expands and amends the California Consumer Privacy Act (CCPA) of 2018. This landmark privacy legislation establishes comprehensive data protection rights for California residents and creates the California Privacy Protection Agency (CPPA) as a dedicated privacy regulator - the first of its kind in the United States.
The regulation represents a major shift in U.S. privacy law, bringing California's privacy framework closer to the GDPR standard while introducing unique requirements for digital identity management and data protection. It strengthens consumer privacy rights, imposes stricter obligations on businesses handling personal information, and creates robust enforcement mechanisms.
Enhanced Consumer Rights
Right to Delete personal informationRight to Correct inaccurate personal informationRight to Know what personal information is collected and sharedRight to Data PortabilityRight to Opt-out of personal information sharingBusiness Obligations
reasonable security measuresrisk assessments for high-risk processingCybersecurity audit requirementsautomated decision-making technologyData Broker Provisions
DROP (Delete Request and Opt-out Platform) systemData security standardsAuthentication protocols for identity verificationAPI specifications for data portabilityEncryption requirements for sensitive dataautomated compliance systemsEnforcement
Audit Requirements
The CPRA significantly enhances digital identity protection through:
"The law marks a significant advancement in U.S. privacy protection, establishing a comprehensive framework for digital identity management and data protection."
If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page