California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a state-wide data privacy bill approved by California voters on November 3, 2020. The CPRA significantly amends and expands the existing California Consumer Privacy Act (CCPA).

The main changes introduced by the CPRA include:

  • Establishing a new government agency for state-wide data privacy enforcement, the California Privacy Protection Agency (CPPA).
  • Creating a category of sensitive personal information (SPI), which is regulated separately and requires stronger security measures than personal information. SPI includes Social Security Number, driver’s license, financial account information and login credentials, precise geolocation data, biometric or health information, etc.
  • Changing the definition of companies that are subject to the regulation – excluding smaller businesses and including bigger ones.
  • Modifying existing rights and adding four new ones: the rights to correction, opting out of automated decision-making, knowing about automated decision-making, and limiting the use of sensitive personal information.
  • Regulating cross-context behavioral advertising from which users can opt out and ask businesses to stop sharing and selling their personal information with third parties to avoid being targeted with ads based on behavioral data.
  • Adding GDPR-like requirements of data minimization, purpose limitation, and storage limitation.
  • Making a business responsible for how third parties use, share or sell personal information that the business collected in the first place.

For more information on the CPRA, CCPA, and other laws in the US, check out our blog content:


  • HIPAA-compliant analytics in 2025: Your complete vendor comparison and selection guide

    Vendors have been adjusting to the shifting landscape of privacy-oriented analytics and their clients’ expectations. Many of them change their offers accordingly. At the same time, the dominant analytics vendors are not necessarily the most compliant options for healthcare providers. The stakes have never been higher, with U.S. healthcare firms paying over $100 million in…

  • Introducing new pricing: More analytics value and privacy compliance as you grow

    Businesses have transformed the way they collect and utilize data. Modern organizations are seeking trusted datasets, full visibility into the customer journey, and ethical data collection, all within a seamless platform that offers comprehensive analytics and data activation capabilities.  To meet these evolving needs, we’re excited to share some important updates about our platform. Over…