With the passing of Proposition 24, California consumers now have more personal data protection rights than ever before. The California Privacy Rights Act (CPRA) improves provisions and extends enforcement of the existing California Consumer Privacy Act (CCPA).
If you're thinking, how does a data privacy law passed in California affect my business in a totally different part of the country? Even if your company is headquartered outside of California, if you're conducting business within the state, you are subject to CCPA and CPRA guidelines. Beyond this, many new laws and guidelines are first implemented in California, and later make their way into other states throughout the country. Because of the visibility of privacy laws with the rise of digital media, we expect other states to adopt similar statutes in coming years.
While the CPRA doesn't go into effect until 2023, the CCPA currently governs data privacy protections for Californians and gives consumers the right to:
What are the key differences between the CCPA and CPRA? For one, California beefed up its opt-out clauses to shift from a "no selling" to a "no sharing" approach to data privacy. This new clause will provide consumers more authority over how their data is distributed and used.
Second, your business will be on the hook for compliance because the CPRA triples maximum penalties for violations involving minors under 16. The new law also establishes a California Privacy Protection Agency to enforce consumer privacy laws and impose administrative fines.
Here are some best practices to remaining CPRA compliant in your business's marketing practices:
For more information on the nitty-gritty details of the CPRA and how it will affect your organization's marketing practices, check out these helpful resources: