California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a state-wide data privacy bill approved by California voters on November 3, 2020. The CPRA significantly amends and expands the existing California Consumer Privacy Act (CCPA).

The main changes introduced by the CPRA include:

  • Establishing a new government agency for state-wide data privacy enforcement, the California Privacy Protection Agency (CPPA).
  • Creating a category of sensitive personal information (SPI), which is regulated separately and requires stronger security measures than personal information. SPI includes Social Security Number, driver’s license, financial account information and login credentials, precise geolocation data, biometric or health information, etc.
  • Changing the definition of companies that are subject to the regulation – excluding smaller businesses and including bigger ones.
  • Modifying existing rights and adding four new ones: the rights to correction, opting out of automated decision-making, knowing about automated decision-making, and limiting the use of sensitive personal information.
  • Regulating cross-context behavioral advertising from which users can opt out and ask businesses to stop sharing and selling their personal information with third parties to avoid being targeted with ads based on behavioral data.
  • Adding GDPR-like requirements of data minimization, purpose limitation, and storage limitation.
  • Making a business responsible for how third parties use, share or sell personal information that the business collected in the first place.

For more information on the CPRA, CCPA, and other laws in the US, check out our blog content:


  • Introducing new pricing: More analytics value and privacy compliance as you grow

    Businesses have transformed the way they collect and utilize data. Modern organizations are seeking trusted datasets, full visibility into the customer journey, and ethical data collection, all within a seamless platform that offers comprehensive analytics and data activation capabilities.  To meet these evolving needs, we’re excited to share some important updates about our platform. Over…

  • The comparison of 9 HIPAA-compliant web analytics platforms

    Selecting a HIPAA-compliant web analytics platform is critical for any healthcare organization. With the increasing reliance on digital tools to improve patient care, streamline operations, and drive strategic decisions, the need to analyze web and patient data securely has never been greater.  Choosing a platform that doesn’t match your needs or available resources can put…