Mandatly Knowledge Base
Differences Between CCPA and CPRA
The California Privacy Rights Act (CPRA) took effect on January 1, 2023, making changes to the existing California Consumer Privacy Act (CCPA). It strengthens consumer privacy rights, adds new data protections, and increases responsibilities for businesses that handle personal data. In addition, the CPRA establishes the California Privacy Protection Agency (CPPA), which will oversee implementation and compliance.
Key Differences Between CCPA and CPRA:
The CPRA builds on and updates the CCPA by refining its provisions, increasing consumer privacy protections, and imposing stricter requirements on businesses that collect personal information from California residents. It also introduces a dedicated agency, the California Privacy Protection Agency, which is responsible for implementing and enforcing these regulations.
Overview: CCPA and CPRA
| Feature | CCPA (California Consumer Privacy Act) | CPRA (California Privacy Rights Act) |
|---|---|---|
| Applicability | | |
| Effective Date | 1-Jul-20 | 1-Jul-23 |
| Consumer Rights | | |
| Personal Information Definition | Broad definition covering identifiers & linked data, excludes public & deidentified data | Same as CCPA |
| Sensitive Personal Information | Categories must be disclosed to consumers | Consumers can limit use and sharing of sensitive personal information |
| Minors’ Data | Prohibits sale of personal data of minors under 16 without consent | Prohibits sale or sharing of personal data of minors under 16 without consent |
| Data Minimization | Not explicitly required | Required: limit data collection and retention |
| Security Measures | Businesses must maintain reasonable security | Same as CCPA |
| Privacy Notices | Notice at collection, opt-out, and financial incentives required | Same as CCPA, plus notice on sensitive data |
| Penalties | | |
| Common Provisions | | |