Topic Pages > CCPA and CPRA
-
expand_more
Browse Topic Pages
-
expand_more
Content by Type
-
expand_more
General Topic Pages
Featured Topics
- Artificial Intelligence
- CCPA and CPRA
- Children’s Privacy
- Consumer Perspectives
- Cybersecurity Law
- DPO Toolkit
- Enforcement
- EU AI Act
- EU General Data Protection Regulation
- Health Privacy
- International Data Transfers
- Privacy Program Operations
- Privacy Tech and Privacy by Design
- The Industry of Privacy
- US Federal Privacy
- US State Privacy
Additional Topics
-
expand_more
Regional Topic Pages
-
CCPA and CPRA
TOPIC PAGE
This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources regarding the California Consumer Privacy Act and California Privacy Rights Act.
In June 2018, the CCPA was signed into law, creating new privacy rights for Californians and significant new data protection obligations for businesses. The CCPA went into effect Jan. 1, 2020. California’s Office of the Attorney General has enforcement authority.
The CPRA, a ballot initiative that amends the CCPA and includes additional privacy protections for consumers passed in Nov. 2020.
The CPRA established the California Privacy Protection Agency to implement and enforce the law. The Attorney General also retains civil enforcement authority.
-
expand_more
CCPA Law and Documents
California Consumer Privacy Act of 2018
- To view the text of the CCPA on the California Legislative Information website, click here.
CCPA Regulations
- To view the CCPA regulations in the California Code of Regulations, click here.
- The CCPA regulations were reordered and renumbered to reflect the fact the California Privacy Protection Agency assumed rulemaking authority in April 2022. More information about these changes is available on the CPPA’s Regulations page.
How we got here
The CCPA came about largely due to the efforts of Alastair Mactaggart, a San Francisco real estate developer and investor. Mactaggart championed and funded an initiative to get a similar bill put on the ballot, receiving more than 600,000 signatures — significantly more than necessary (though they were never officially certified).
Just days before the signatures were to be certified, California Democrats made an agreement with Mactaggart that if they could get a compromise bill signed into law prior to the deadline to get the initiative on the ballot he’d pull his version. In Mactaggart’s words, the proposed bill was “substantially similar to our initiative … It gives more privacy protection in some areas, and less in others.”
For their part, tech industry giants — some of which spent lots of money to oppose Mactaggart’s ballot initiative — announced they would not attempt to block the compromise bill, noting that while they disagree with much of it, it prevented the ballot initiative from moving forward.
On June 28, 2018, Gov. Jerry Brown, D-Calif., signed CCPA into law.
-
expand_more
CPRA Law and Documents
In September 2019, Alastair Mactaggart, who was instrumental in getting the California Consumer Privacy Act enacted, launched a new ballot initiative to appear on the November 2020 ballot, the California Privacy Rights Act. On Nov. 3, 2020, the CPRA passed. The CPRA amends the CCPA and includes additional privacy protections for consumers. The majority of the CPRA’s provisions will enter into force Jan. 1, 2023, with a look-back to January 2022.
The California Privacy Rights Act of 2020
- To view the text of the CPRA on the California Legislative Information website, click here. The provisions that are not yet operative are listed after the CCPA provision in effect.
- To view the text of the CPRA ballot initiative, click here.
California Privacy Protection Agency
- The CPRA established the California Privacy Protection Agency to implement and enforce the law. The Attorney General also retains civil enforcement authority.
- To view the CPPA page, including information about rulemaking activity, click here. The CPPA additionally published a separate guidance page to help Californians better understand and protect their privacy rights, available here.
CPRA Regulations
On October 21, 2021, the CPPA provided notice to the California attorney general it was prepared to assume rulemaking responsibilities. Rulemaking authority transfers from the attorney general to the CPPA six months after this notice, per Sections 1798.185(d) and 1798.199.40(b).