CPRA or California Privacy Rights Acts is considered one of the strictest privacy laws California Organisations has seen to date. Therefore, the organisations need to shift from the current California Consumer Privacy Act, i.e. CCPA Compliance, to adopt the new CPRA.
Although the compliance date comes in effect from January 2023, the organisation needs to be well-versed in the overall CCPA vs CPRA compliance laws and system.
CPRA: Brief and Summary
- The CPRA was passed on November 4 2020 and is said to come into effect from January 1, 2021. The CPRA was introduced to eliminate the holes in CCPA and enforce the new law with improvisations:
- The CPRA has been enforced with new regulations, filling in the holes of the previous CPPA. The laws in CPRA are not exhaustive but inclusive, which means there is room for new regulations to enforce any further changes in the future.
- The changes include but are not limited to the new consumer rights, any new category of
- personal information and use and storage limits on personal information.
CCPA vs CPRA, What has changed?
Let’s see some basic distinctions of CCPA vs CPRA , as wondered by many organisations:
Who needs to adopt the CCPA and CPRA?
CCPA:
- The gross annual revenue should be above ‘twenty-five’ million.
- The organisation should deal, i.e. buy, sell, or receive the personal information of at least ‘fifty thousand’ Californian households or devices.
- Fifty per cent of their annual revenue should come from selling the resident’s personal information.
CPRA:
- The gross annual revenue should be above ‘twenty-five’ million.
- The organisation should deal, i.e. buy, sell, or receive the personal information of at least ‘one lakh’ or more Californian households.
- Fifty per cent of their annual revenue should come from selling or sharing the resident’s personal information.
What are the consumer rights in CCPA and CPRA?
CCPA:
The right to:
- Delete
- Opt-out of Sale
- Non-Discrimination
- Know/Access
CPRA:
The right to:
- Delete
- Opt-out of Sale
- Non-Discrimination
- Know/Access
- Rectification
- Limit the Use of any Sensitive Personal Information
What does the personal information include?
CCPA:
Personal Information ‘means the information that can identify, relate to, describe, or be linked to, directly or indirectly, with a particular consumer or household.
CRPA:
Personal information and Sensitive Personal Information ‘includes’ information like biometric information, racial and ethnic information, driver’s license number, SSN and precise geolocation.
What is the limitation of usage of personal information?
CCPA:
It’s expected that the information would be used for ethical purposes only, but there are ‘no limitations’.
CRPA:
The data should be collected, retained, and used only to provide goods and services for necessary situations.
So, if your business does not qualify for CRPA by 2023, you need to continue following the CCPA. The CRPA is not meant to replace CCPA completely; it will just replace some aspects of CCPA and add on some additional regulations.
CPRA is nothing but the transparency that the companies need to show while collecting consumers’ personally identifiable information. The main motto is to secure individuals’ privacy, especially minors so that they are not mishandled in any case.