After CCPA compliance, the Californian government has now developed another data protection act called CPRA, making the people’s data protection their utmost priority. It is the strictest data protection law to date.
Let’s talk about it in detail.
What is CPRA?
The California Privacy Rights Act (CPRA) is a superior version of CCPA. However, CCPA appears to be missing several consumer protections in its legislation. As a result, the CPRA addresses this issue and establishes a more stringent standard for personal data privacy.
In various ways, it is influenced by the EU’s General Data Protection Regulation (GDPR). The CPRA’s goal is to give consumers more control over their data while simultaneously requiring businesses to be more open about how they share and use their data.
California is known as a technology hotspot; this law addresses the demands of its residents, which are growing in sync with technological advancements and the resulting privacy concerns governing the collection, use, and protection of personal data.
Who all Comes Under CPRA?
All for-profit enterprises that do business in California and gather personal information from California citizens are subject to the CPRA mainly based on the following points:
- They made at least $25 million in annual revenue the previous year.
- They purchase, sell, or exchange the personal information of 100,000 or more individuals or households.
- They make at least half of their annual revenue by selling or exchanging personal information about consumers.
CCPA VS CPRA What is the Difference?
- CPRA is an updated version of CCPA. The CPRA have some additional rules and conditions for its consumers and has taken its inspiration from GDPR.
- All geological, biometric, sensitive, and indirect or direct identities are categorized as personal information under the CCPA, whereas they come as sensitive personal information under the CPRA. All of this is subject to stronger privacy regulations.
- CPRA has given the California Privacy Protection Agency (CPPA) the authority to audit covered companies’ privacy practises and propose new regulations, while the California General Attorney is in charge of the CCPA.
- The CCPA charges a total of $2500 for each violation for both child and adult breaches of information, whereas the CPRA charges $7500 per violation for minor breaches of information.
- Consumers can take civil action under the CCPA if their personal information is accessed, stolen, or disclosed without their permission. CPRA enhances this private right of action, which includes a provision for statutory damages for any violation that falls within reach of California law.
- The CPRA vetoes the CCPA’s proposed 30-day “cure” time before taking any action on the allegation.
The application of CPRA doubles the strength of California data privacy law. . It is the strictest data protection law to date. The CPRA’s goal is to give consumers more control over their data while simultaneously requiring businesses to be more open about sharing and using their data.. CPRA is a revised and updated version of CCPA. CPRA classifies all its personal information in sensitive personal information with more strict laws.