What is the difference between the CCPA and CPRA?

The CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act) are both privacy laws in California, USA that aim to give consumers more control over their personal data and how it is used. However, there are several differences between the two laws.

CCPA vs CPRA: Overview

The CCPA came into effect on January 1, 2020 and was the first privacy law in the United States to give consumers the right to know what personal information companies have collected about them, the right to request that their personal information be deleted, and the right to opt-out of the sale of their personal information.

The CPRA was approved by California voters on November 3, 2020 and builds upon the CCPA by providing additional privacy rights and protections for consumers. The CPRA gives consumers the right to request that businesses limit the use of their personal information and expands the definition of personal information to include new categories such as biometric information.

CCPA vs CPRA: Key Differences

Definition of Personal Information: The CCPA defines personal information as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The CPRA expands the definition of personal information to include biometric information, race, ethnicity, and other sensitive information.
Right to Limit Use: The CCPA does not give consumers the right to request that businesses limit the use of their personal information. The CPRA gives consumers this right, allowing them to ask businesses to stop using their personal information for certain purposes.
Right to Opt-Out of Sale: The CCPA gives consumers the right to opt-out of the sale of their personal information. The CPRA clarifies that this right applies only to the sale of personal information, and not to the sharing or disclosure of personal information for business purposes.
Coverage: The CCPA applies to businesses that collect and process the personal information of California consumers. The CPRA expands the scope of the CCPA to cover more businesses and applies to any business that collects, processes, or sells personal information of California consumers, regardless of their location.
Penalties: The CCPA provides for penalties of up to $7,500 per violation for intentional violations. The CPRA increases the maximum penalties for violations to $2,500 for each violation, or $7,500 for each intentional violation.

Conclusion

Both the CCPA and CPRA are important privacy laws in California, but the CPRA builds upon the CCPA by providing additional privacy rights and protections for consumers. It is important for businesses to understand the differences between the two laws and ensure that they are compliant with both.