Passed in 2020, the California Privacy Rights Act (CPRA) amended California’s first major privacy law, the California Consumer Privacy Act (CCPA). In broad strokes, the CPRA expanded consumer rights, added more regulation around commercial data processing, and refined the CCPA’s overall scope.
There are several notable differences between CCPA and CRPA, but one of the most significant is the increased data processing threshold.
Doubling the CCPA’s data processing threshold, the CPRA applies to businesses processing data for 100,000 or more consumers. The result is that many small or mid-sized businesses could end up exempt; however, there are other threshold criteria to consider.
A business may fall under the CPRA’s scope because it:
Unlike many other state privacy laws, the CPRA applies when only one of these criteria are met.
Learn more about the CPRA