Privacy Laws California
CA

California Consumer Privacy Act / California Privacy Rights Act

CCPA/CPRA

The most comprehensive US state privacy law. Grants consumers rights to know, delete, correct, and opt-out of sale/sharing of personal information. Requires businesses to provide notice at collection and honor Global Privacy Control signals.

Effective Date
2020-01-01
Enforcement
California Privacy Protection Agency (CPPA)
Consumer Threshold
50,000 consumers
Revenue Threshold
$25,000,000

Key Requirements

Privacy policy disclosing data practices
Right to know what data is collected
Right to delete personal information
Right to correct inaccurate data
Right to opt-out of sale/sharing
Right to limit use of sensitive personal information
Honor Global Privacy Control (GPC) signals
Do Not Sell My Personal Information link
Data minimization requirements
Purpose limitation for data use
12-month lookback for consumer requests
Non-discrimination for exercising rights

Penalties

Up to $2,500 per unintentional violation, $7,500 per intentional violation. Private right of action for data breaches ($100-$750 per consumer per incident).

Cure Period

None (CPRA removed 30-day cure period)

E-commerce Relevance

Applies to most e-commerce businesses selling to CA residents. Cookie consent, GPC compliance, and 'Do Not Sell' links are critical.

Back to All Privacy Laws Scan Your Site