Wednesday 01 06, 2021

CCPA v. CPRA – Privacy Laws Compared

Portrait Liana Chen
By Liana Chen

Partner

The California Consumer Privacy Act (CCPA) is still relatively new, and now there is another expansive privacy law in California, the California Privacy Rights Act (CPRA).

In November 2020, California voters approved of the CPRA, which expands privacy rights and requirements beyond the CCPA. For example, the CPRA does the following:

  • Redefines covered “businesses” and expands applicability to those “sharing” information.
  • Introduces a new category and rights for “sensitive” personal information.
  • Expands other consumer rights, such as the right to amend inaccurate information.
  • Updates requirements for clearly disclosing information use and retention practices.
  • Updates requirements for service providers and “contractors.”
  • Clarifies regulation of cross-context behavioral advertising.
  • Increases fines for violations of the opt-in right for minors.
  • Outlines that disclosure of an email address and password or security question would be considered a data breach under the law, which provides for statutory damages.

Further, the CPRA establishes a stand-alone privacy regulator, the California Privacy Protection Agency, to implement and enforce the law. Thus, while the California Attorney General guided regulatory enforcement of the CCPA in 2020 (resulting in most companies voluntarily agreeing to make recommended changes to privacy practices), businesses will now need to figure out how to deal with a novel agency and new standards, without a 30-day cure period like the CCPA contains.

Companies meeting the thresholds under the CCPA, CPRA, General Data Protection Regulation (GDPR), or other privacy laws should consult with experienced legal counsel to ensure they are complying with applicable laws and minimizing risks of a legal action. While the CPRA does not become fully operative until January 1, 2023, certain provisions look back, and businesses working on privacy compliance should do so with the CPRA in mind.

Kronenberger Rosenfeld helps clients with privacy compliance and responding to related civil and enforcement actions. If you need guidance with expanding privacy laws, please contact our firm.

This entry was posted on Wednesday, January 06, 2021 and is filed under Press & Published Articles, Internet Law News.



Related articles

Privacy & Cybersecurity

4 Ways to Protect Your Crypto

If you own any cryptocurrency, it's important to take steps to protect it from hackers and other bad actors. Here are four ways to do so. Use Two-Factor Authentication for...

Read Article

Privacy & Cybersecurity

Novel CCPA/CPRA Enforcement Treats Targeted Ads as Data

In a novel case, the California Attorney General (AG) has treated targeted ads using third parties, such as through routine marketing and analytics cookies, as data "sales." What did the...

Read Article

Privacy & Cybersecurity

Firm Files Lawsuit Against Uphold HQ Inc Over

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the Uphold.com cryptocurrency exchange...

Read Article

Privacy & Cybersecurity

Disparity between California’s Privacy Laws and Class Action

The enactment of the California Consumer Privacy Act (“CCPA”) in 2019 strengthened certain privacy protections for consumers. The CCPA protects consumers by requiring businesses to “inform consumers as to the...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.