Documentation

What is the CPRA?

CPRA stands for California Privacy Rights Act. The CPRA took effect on Dec. 16, 2020, and amends and expands the CCPA.

The CCPA and the CPRA are limited solely to California residents and entities doing business in the state of California.

The CPRA creates two additional rights for Californian customers:

1. the right to correct inaccurate personal information; and

2. the right to limit use and disclosure of sensitive personal information.

Why show a banner?

If a website falls under the CCPA and CPRA, it is required to give the following information to the consumer, “at or before the point of collection”, which in most cases means you have to show some sort of cookie banner linking to the following information:

• contact information to exercise their rights, specifically two different methods.

• the categories of personal information collected;

• the purposes of the collection and processing; and

• a specification of whether the information is sold to or shared with third parties.

The CPRA defines “sharing” as renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

Do Not Sell or Share My Personal Information

The CPRA requires websites to include a conspicuous link Do Not Sell or Share My Personal Information on the homepage or the cookie banner, and in the privacy statement. The CPRA also introduces a new notice requirement to provide a separate link titled “Limit the Use of My Sensitive Personal Information” or accommodate an optional technical signal solution. Both links should take consumers to an intake method, an interactive form, for consumer requests.

However: the CPRA also allows websites to forgo providing these links separately and instead choose to provide a single link that enables the consumer to opt out of the sale and sharing of personal information and to limit the use and disclosure of sensitive personal information. In Complianz this single link is called “Opt-out preferences” and the functionality is called “Global Opt-out”. Our users can of course always rename that single link back to Do Not Sell or Share My Personal Information.

Most of the provisions revising the CCPA won’t become “operative” until Jan. 1, 2023 and enforcement will not begin until July 1, 2023.

Join 900.000 users and install The Privacy Suite for WordPress locally, automated or fully customized, and access our awesome support if you need any help!

Complianz has received its Google CMP Certification to conform to requirements for publishers using Google advertising products.

Documentation

In this article

Category: Blog, Definitions

What is Quebec bill 64

What are ARIA labels?

What is the CTDPA?

What is the CDPA?

What is the GDPR?

What is the NRS (603A)?

What is the UCPA?

What is the CPA?

What is Limit Sensitive Data?

What is Global Opt-Out?

What is Cross-Context Behavorial Advertising?

What is the Right of Correction

Categories

Recent articles

Understanding Data Loss with Google Consent Mode v2

Simplified Guide to Google Consent Mode v2

WP Consent API and Complianz

Consent Mode V2 – Now Live

Wordfence: False positive “additional-consent-providers.csv”

What is the CPRA?

What is the CPRA?

Why show a banner?

Do Not Sell or Share My Personal Information

Join our mailing list - 8 Tips & Tricks in your inbox over the next week, that's all!

Plugins

Get Started

About

Premium