California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a state-wide data privacy bill approved by California voters on November 3, 2020. The CPRA significantly amends and expands the existing California Consumer Privacy Act (CCPA).

The main changes introduced by the CPRA include:

  • Establishing a new government agency for state-wide data privacy enforcement, the California Privacy Protection Agency (CPPA).
  • Creating a category of sensitive personal information (SPI), which is regulated separately and requires stronger security measures than personal information. SPI includes Social Security Number, driver’s license, financial account information and login credentials, precise geolocation data, biometric or health information, etc.
  • Changing the definition of companies that are subject to the regulation – excluding smaller businesses and including bigger ones.
  • Modifying existing rights and adding four new ones: the rights to correction, opting out of automated decision-making, knowing about automated decision-making, and limiting the use of sensitive personal information.
  • Regulating cross-context behavioral advertising from which users can opt out and ask businesses to stop sharing and selling their personal information with third parties to avoid being targeted with ads based on behavioral data.
  • Adding GDPR-like requirements of data minimization, purpose limitation, and storage limitation.
  • Making a business responsible for how third parties use, share or sell personal information that the business collected in the first place.

For more information on the CPRA, CCPA, and other laws in the US, check out our blog content:


  • The combined benefits of using Piwik PRO and Cookie Information Consent Management Platform

    The combined benefits of using Piwik PRO and Cookie Information Consent Management Platform

    If you’re using Piwik PRO for privacy-friendly analytics, you’re already ahead in responsible data practices. But if you’re still relying on a basic consent manager, you could be missing opportunities to improve compliance, capture better data, and simplify your team’s workload. That’s where the combination of Piwik PRO and Cookie Information CMP comes in. This…

  • GDPR

    Global data centers: secure, GDPR-compliant analytics hosting with Piwik PRO

    As digital privacy regulations tighten and performance expectations rise, organizations are rethinking how and where their analytics data is hosted. Data centers play a central role in this shift, providing the infrastructure that powers secure, compliant and high-performance analytics solutions across the globe. Piwik PRO makes it easy to align your data strategy with local…