
CCPA vs CPRA: California’s Changing Data Privacy Landscape

With the new legislation that took effect at the start of 2023, it's important to understand the key differences between the CCPA and the CPRA and what they mean for your personal data privacy.

In 2018, California became the first state to pass comprehensive data privacy legislation with the California Consumer Privacy Act (CCPA). However, just two years later, the state passed the California Privacy Rights Act (CPRA), which significantly amends and expands upon the CCPA. 


Who does the law apply to? 

In short, the scope of the CPRA is broader than that of the CCPA.

The CCPA regulations only apply to businesses that meet certain criteria, such as those with annual gross revenue of over $25 million.

The CCPA amendments (the CPRA), by contrast, apply to businesses of all sizes that process personal data of California residents and meet certain thresholds.

Sensitive Personal Information

The CCPA amendments (the CPRA) add new categories of sensitive personal information, which require additional protections, such as:

  • health data; and
  • precise geolocation data.

👀 See here for everything you need to know about Sensitive personal information under the CPRA.

Consumer rights

The CCPA amendments (the CPRA) enhance consumer rights.

While the CCPA regulations grant consumers the right to know what personal information businesses collect and the right to request deletion of that information, the CPRA adds new rights, such as:

  1. the right to correct inaccurate information; and 
  2. the right to limit the use and disclosure of sensitive personal information. 

👀 See here the full list of Consumer rights.

A new enforcement agency

Another major change is the creation of a new enforcement agency, the California Privacy Protection Agency (CPPA), which will have more resources and power to enforce the privacy laws. 

The CCPA regulation was enforced by the state attorney general’s office, while the CPRA gives the CPPA sole authority to enforce the law and impose fines for violations.

Businesses’ obligations

In terms of businesses’ obligations, the CPRA imposes additional requirements on businesses, such as:

  1. the obligation to conduct regular risk assessments; and
  2. the obligation to submit annual privacy audits to the California Privacy Protection Agency (CPPA).

The CPRA also establishes a new category of “contractors” who work with businesses and must comply with certain privacy requirements.

When does CPRA go into effect?

The CPRA went into effect in January 2023. 

Compliance with the CCPA amendments (the CPRA)

CCPA vs CPRA: Navigating the changing data privacy landscape in California can be daunting, but understanding the differences between the CCPA and the CPRA is crucial for protecting your personal data. 

Businesses and consumers alike should have already familiarized themselves with the new legislation and taken the necessary steps to comply with its requirements.
