Privacy laws · California

California Consumer Privacy Act / California Privacy Rights Act.

The most comprehensive US state privacy law. Grants consumers rights to know, delete, correct, and opt-out of sale/sharing of personal information. Requires businesses to provide notice at collection and honor Global Privacy Control signals.

/ Diagnostic check ClearConsent scans your storefront for signals related to this law — consent banner state, GPC support, Do Not Sell links, privacy policy disclosures, cookies, and trackers.

/ Effective
2020-01-01
Effective date
When the law took effect or will take effect.
/ Consumers
100,000
Consumer threshold
The number of California residents whose data triggers compliance.
/ Revenue
$26,625,000
Revenue threshold
Annual revenue trigger for compliance, if applicable.
01 / Key requirements

What the law requires.

  • 01Privacy policy disclosing data practices
  • 02Right to know what data is collected
  • 03Right to delete personal information
  • 04Right to correct inaccurate data
  • 05Right to opt-out of sale/sharing
  • 06Right to limit use of sensitive personal information
  • 07Honor Global Privacy Control (GPC) signals
  • 08Do Not Sell My Personal Information link
  • 09Data minimization requirements
  • 10Purpose limitation for data use
  • 1112-month lookback for consumer requests
  • 12Non-discrimination for exercising rights
02 / Enforcement

Penalties & cure period.

Penalties

Up to $2,500 per unintentional violation, $7,500 per intentional violation. Private right of action for data breaches ($100-$750 per consumer per incident).

Cure period

None (CPRA removed 30-day cure period)

Enforcement agency

California Privacy Protection Agency (CPPA)

03 / E-commerce

What this means for
your store.

Applies to most e-commerce businesses selling to CA residents. Cookie consent, GPC compliance, and 'Do Not Sell' links are critical.

Scan your store for CCPA/CPRA privacy gaps →

Run the diagnostic