The California Privacy Rights Act is a significant development for the US privacy landscape. Its scope is broader than the existing California Consumer Privacy Act, creating additional rights and obligations, as well as the first state agency dedicated to privacy, the California Privacy Protection Agency.
Here, the IAPP will examine the top operational impacts of the CPRA in a 10-part series:
- Part 1: The new California regulator's potential structure, authority and approach provided under the law.
- Part 2: A breakdown of the definitions of "business" under both California laws.
- Part 3: Right to correct and treatment of sensitive personal data.
- Part 4: Other expanded rights and obligations.
- Part 5: Notice obligations and right to opt-out.
- Part 6: Service providers, contractors and third parties.
- Part 7: Responding to consumers' requests to know.
- Part 8: Rights to delete, no retaliation and children’s privacy.
- Part 9: The scope of the anticipated regulations.
- Part 10: Enforcement and potential penalties