CCPA and CPRA

Topic Pages > CCPA and CPRA

Image

CCPA and CPRA

TOPIC PAGE

This topic page contains a curation of the IAPP’s coverage, analysis and relevant resources regarding the California Consumer Privacy Act and California Privacy Rights Act.

In June 2018, the CCPA was signed into law, creating new privacy rights for Californians and significant new data protection obligations for businesses. The CCPA went into effect Jan. 1, 2020. California’s Office of the Attorney General has enforcement authority.

The CPRA, a ballot initiative that amends the CCPA and includes additional privacy protections for consumers passed in Nov. 2020.

The CPRA established the California Privacy Protection Agency to implement and enforce the law. The Attorney General also retains civil enforcement authority.

  • expand_more

  • expand_more

Back to Top


Additional News and Resources

Questions of scope, impact delay CPPA formal ADMT rulemaking


IAPP GPS 2024: CPPA’s Soltani details agency’s packed agenda


Checking in on proposed California privacy and AI legislation


State appeals court rules first CPRA regulations enforceable


California proposes CCPA children’s privacy gap fix


After contentious meeting, CPPA moves ADMT rules forward


Immediate action required: Navigating CPRA compliance and enforcement in 2024


California privacy: 2022-23 legislative wrap-up


CPPA releases initial automated decision-making rules proposal


CPPA’s draft automated decision-making rules unpacked


The CPPA’s upcoming rulemaking process


The California Delete Act: Implications for data brokers and privacy


Comparison: CCPA’s Notice of Financial Incentive and Colorado Privacy Act’s Bona Fide Loyalty Program Rules


CPPA debuts new CPRA complaint form


CPRA is here – How to get ahead


Court decision pushes CPRA regulations enforcement to March 2024


CCPA enforcers emphasize compliance, downplay federal preemption


CPRA regulations finalized with OAL approval


California legislative wrap-up: CCPA amendments, children’s privacy and more


California Privacy Rights Act: Are We There Yet?


Does the CCPA as modified by the CPRA apply to your business?


Proposed CPRA regulations finalized; CPPA targets April effective date


All things ‘California Privacy Law’ with Lothar Determann


CPPA anticipates final CPRA regulations will be effective by April


The Alignment Problem with “Sale of Data”


Cross-context behavioral advertising is ‘sale.’ It is time to get over it.


Home stretch: Finalization of CPRA regulations draws closer


Lessons from the First CCPA Enforcement Settlement: GPC and Beyond


CPPA publishes first modifications of CPRA draft regulations


CPPA Board chair doubles down on proposed American Data Privacy and Protection Act opposition


CCPA/CPRA grace period for HR and B2B ends Jan. 1


CCPA enforcement action: A case study at the intersection of privacy and marketing


The Sephora case: Do not sell – But are you selling?


California attorney general announces first CCPA enforcement action


CPPA restates American Data Privacy and Protection Act opposition to US House leaders


CPPA launches CPRA rulemaking process


Complying with the California Consumer Privacy Act’s consumer request process


CPPA board moves CPRA rulemaking process forward


Privacy pros take stock of surprise CPRA draft regulations


CPPA board charts course for CPRA rulemaking


Guide to collecting personal information under the California Consumer Privacy Act of 2018


CPRA for Employers: Developing and Posting a Privacy Notice for Human Resources Data


CPRA for Employers: Vendor Contracting Requirements


State of CCPA: A Look Back to Prepare for What’s to Come


CPRA regulations delayed past July 1 deadline, expected Q3 or Q4


CPPA releases public comments for CPRA regs


Status of the California Privacy Protection Agency’s work


Brace for impact: PSR21 workshop focuses on CPRA considerations


FTC alum Ashkan Soltani selected to lead CPPA


CPRA could obstruct existing employment rights


Top-10 takeaways from the California AG’s CCPA enforcement case examples


How Defendants Are Attacking CCPA Claims


California attorney general offers CCPA enforcement update, launches reporting tool


A look at the California Privacy Protection Agency inaugural meeting


What the CPPA’s appointments say about enforcement priorities, strategy


New CCPA regulatory provisions seek to clarify business requirements


Analyzing the CPRA’s new contractual requirements for transfers of personal information


Ambiguity in CPRA imperils content intended for underrepresented communities


New categories, new rights: The CPRA’s opt-out provision for sensitive data


Summary of CPRA Contractual Obligations


Prop 24 passes in Calif., paving way for CPRA


Whether yes or no, the stakes are high for Calif.’s Prop 24


Podcast: Alastair Mactaggart on California’s Prop 24


Data brokers: A preview of the new edition of ‘California Privacy Law’


CCPA Litigation Overview


CCPA update: Calif. attorney general comments, new amendments signed into law


Benchmarking CCPA-related data subject requests


What does the CCPA’s ‘purpose limitation’ mean for businesses?


The CCPA dog that didn’t bark: B2B and employee moratoria extended one year


Privacy and Regulations: What’s Next After CCPA?


CPRA promises short-term consumer benefits, long-term uncertainty


CCPA draft regulations: Privacy notices and accessibility in the employment context


The new CCPA draft regulations: Identity verification


CCPA litigation: Shaping the contours of the private right of action


Will CPRA prevail on November 3?


At Calif. hearing, critics question CPRA’s timing


CPRA initiative moves to sampling, CCPA regs likely delayed


CPRA’s top-10 impactful provisions


CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’


CCPA Enforcement Infographic


Are IP addresses ‘personal information’ under CCPA?


The Top-10 Most Impactful Provisions of the CPRA


CCPA FAQ: Cookies, AdTech & Service Providers


Are companies using semantics to get around CCPA’s ‘sale’ provision?


Survey of the Retail Industry’s Privacy Practices


How the CCPA impacts civil litigation


With the CCPA now in effect, will other states follow?


What you must know about ‘third parties’ under GDPR and CCPA


One law firm’s take on the new draft CCPA regulations


Critics say attorney general’s proposed CCPA regulations add confusion, not clarity


5 Steps You Must Take to Prepare for the CCPA


GDPR and CCPA: A compatibility story


On keynote stage, Mactaggart addresses his ‘new’ CCPA


A look at the latest CCPA amendment updates


CCPA amendment update: Changes to technical corrections and loyalty programs bills


Navigating disclosures and sales of personal information under the CCPA


A close-up on deidentified data under CCPA


What one CCPA co-architect will watch closely with Sacramento back in session


Implementing the CCPA: A Guide for Global Business, Second Edition


CCPA update: Senate committee pares back amendments


Preparing for CCPA: Start benchmarking now


A data processing addendum for the CCPA?


Comparing Maine and Nevada’s new privacy laws with the CCPA


TheScore’s privacy notice analyzed against the CCPA


Encryption, redaction and the CCPA


Competing CCPA amendments sculpt law’s scope


California lawmakers smooth over some of the CCPA’s rough edges


State legislature debates CCPA ad-tech carve out amendment


CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation


Analysis: The California Consumer Privacy Act of 2018


GDPR matchup: The California Consumer Privacy Act 2018


New California privacy law to affect more than half a million US companies