CCPA and CPRA Topic Page

This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources regarding the California Consumer Privacy Act and California Privacy Rights Act.

In June 2018, the CCPA was signed into law, creating new privacy rights for Californians and significant new data protection obligations for businesses. The CCPA went into effect Jan. 1, 2020. California’s Office of the Attorney General has enforcement authority.

The CPRA, a ballot initiative that amends the CCPA and includes additional privacy protections for consumers passed in Nov. 2020.

The CPRA established the California Privacy Protection Agency to implement and enforce the law. The Attorney General also retains civil enforcement authority.

  • expand_more

    CCPA Law and Documents

  • expand_more

    CPRA Law and Documents

Featured Resources

Additional News and Resources

Checking in on proposed California privacy and AI legislation

State appeals court rules first CPRA regulations enforceable

California proposes CCPA children’s privacy gap fix

After contentious meeting, CPPA moves ADMT rules forward

Immediate action required: Navigating CPRA compliance and enforcement in 2024

California privacy: 2022-23 legislative wrap-up

CPPA releases initial automated decision-making rules proposal

CPPA’s draft automated decision-making rules unpacked

The CPPA’s upcoming rulemaking process

The California Delete Act: Implications for data brokers and privacy

Comparison: CCPA’s Notice of Financial Incentive and Colorado Privacy Act’s Bona Fide Loyalty Program Rules

CPPA debuts new CPRA complaint form

CPRA is here – How to get ahead

Court decision pushes CPRA regulations enforcement to March 2024

CCPA enforcers emphasize compliance, downplay federal preemption

CPRA regulations finalized with OAL approval

California legislative wrap-up: CCPA amendments, children’s privacy and more

California Privacy Rights Act: Are We There Yet?

Does the CCPA as modified by the CPRA apply to your business?

Proposed CPRA regulations finalized; CPPA targets April effective date

All things ‘California Privacy Law’ with Lothar Determann

CPPA anticipates final CPRA regulations will be effective by April

The Alignment Problem with “Sale of Data”

Cross-context behavioral advertising is ‘sale.’ It is time to get over it.

Home stretch: Finalization of CPRA regulations draws closer

Lessons from the First CCPA Enforcement Settlement: GPC and Beyond

CPPA publishes first modifications of CPRA draft regulations

CPPA Board chair doubles down on proposed American Data Privacy and Protection Act opposition

CCPA/CPRA grace period for HR and B2B ends Jan. 1

CCPA enforcement action: A case study at the intersection of privacy and marketing

The Sephora case: Do not sell – But are you selling?

California attorney general announces first CCPA enforcement action

CPPA restates American Data Privacy and Protection Act opposition to US House leaders

CPPA launches CPRA rulemaking process

Complying with the California Consumer Privacy Act’s consumer request process

CPPA board moves CPRA rulemaking process forward

Privacy pros take stock of surprise CPRA draft regulations

CPPA board charts course for CPRA rulemaking

Guide to collecting personal information under the California Consumer Privacy Act of 2018

CPRA for Employers: Developing and Posting a Privacy Notice for Human Resources Data

CPRA for Employers: Vendor Contracting Requirements

State of CCPA: A Look Back to Prepare for What’s to Come

CPRA regulations delayed past July 1 deadline, expected Q3 or Q4

CPPA releases public comments for CPRA regs

Status of the California Privacy Protection Agency’s work

Brace for impact: PSR21 workshop focuses on CPRA considerations

FTC alum Ashkan Soltani selected to lead CPPA

CPRA could obstruct existing employment rights

Top-10 takeaways from the California AG’s CCPA enforcement case examples

How Defendants Are Attacking CCPA Claims

California attorney general offers CCPA enforcement update, launches reporting tool

A look at the California Privacy Protection Agency inaugural meeting

What the CPPA’s appointments say about enforcement priorities, strategy

New CCPA regulatory provisions seek to clarify business requirements

Analyzing the CPRA’s new contractual requirements for transfers of personal information

Ambiguity in CPRA imperils content intended for underrepresented communities

New categories, new rights: The CPRA’s opt-out provision for sensitive data

Summary of CPRA Contractual Obligations

Prop 24 passes in Calif., paving way for CPRA

Whether yes or no, the stakes are high for Calif.’s Prop 24

Podcast: Alastair Mactaggart on California’s Prop 24

Data brokers: A preview of the new edition of ‘California Privacy Law’

CCPA Litigation Overview

CCPA update: Calif. attorney general comments, new amendments signed into law

Benchmarking CCPA-related data subject requests

What does the CCPA’s ‘purpose limitation’ mean for businesses?

The CCPA dog that didn’t bark: B2B and employee moratoria extended one year

Privacy and Regulations: What’s Next After CCPA?

CPRA promises short-term consumer benefits, long-term uncertainty

CCPA draft regulations: Privacy notices and accessibility in the employment context

The new CCPA draft regulations: Identity verification

CCPA litigation: Shaping the contours of the private right of action

Will CPRA prevail on November 3?

At Calif. hearing, critics question CPRA’s timing

CPRA initiative moves to sampling, CCPA regs likely delayed

CPRA’s top-10 impactful provisions

CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

CCPA Enforcement Infographic

Are IP addresses ‘personal information’ under CCPA?

The Top-10 Most Impactful Provisions of the CPRA

CCPA FAQ: Cookies, AdTech & Service Providers

Are companies using semantics to get around CCPA’s ‘sale’ provision?

Survey of the Retail Industry’s Privacy Practices

How the CCPA impacts civil litigation

With the CCPA now in effect, will other states follow?

What you must know about ‘third parties’ under GDPR and CCPA

One law firm’s take on the new draft CCPA regulations

Critics say attorney general’s proposed CCPA regulations add confusion, not clarity

5 Steps You Must Take to Prepare for the CCPA

GDPR and CCPA: A compatibility story

On keynote stage, Mactaggart addresses his ‘new’ CCPA

A look at the latest CCPA amendment updates

CCPA amendment update: Changes to technical corrections and loyalty programs bills

Navigating disclosures and sales of personal information under the CCPA

A close-up on deidentified data under CCPA

What one CCPA co-architect will watch closely with Sacramento back in session

Implementing the CCPA: A Guide for Global Business, Second Edition

CCPA update: Senate committee pares back amendments

Preparing for CCPA: Start benchmarking now

A data processing addendum for the CCPA?

Comparing Maine and Nevada’s new privacy laws with the CCPA

TheScore’s privacy notice analyzed against the CCPA

Encryption, redaction and the CCPA

Competing CCPA amendments sculpt law’s scope

California lawmakers smooth over some of the CCPA’s rough edges

State legislature debates CCPA ad-tech carve out amendment

CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation

Analysis: The California Consumer Privacy Act of 2018

GDPR matchup: The California Consumer Privacy Act 2018

New California privacy law to affect more than half a million US companies