What are CCPA & CPRA?

The CCPA, introduced on July 1, 2020, was the first comprehensive privacy law at the state level in the U.S. and has set the stage for similar legislation across other states. Building on this foundation, the CPRA, effective in California from January 1, 2023, significantly broadens the scope of the CCPA, with both laws designed to complement each other.

Where do the CCPA & CPRA apply?

The CCPA and CPRA apply to any company processing the data of California residents, regardless of the company's location. The CPRA also established the CPPA, a dedicated agency for privacy enforcement. Privacy compliance is now crucial for both legal obligations and building brand trust, and consent management solutions are key to achieving it. Companies must inform consumers of their rights and, upon request, allow them to opt out of data sales, access their personal data, or request its deletion or update.

What Are the Possible Reasons for CCPA & CPRA Penalties?

Violations of the CCPA (and CPRA) can result in penalties for various infractions, including failing to provide privacy notices, ignoring "Do Not Sell My Personal Information" requests, not obtaining consent for children's data, not responding to requests for data access or deletion, and failing to report data breaches.

Who is Liable for CCPA Penalties?

The CCPA applies to for-profit businesses that collect personal information from California residents and meet certain criteria, including having at least $25 million in annual gross revenue.

What Are the CCPA Penalties for Non-Compliance?

CCPA fines can be as high as $7,500 per intentional violation and $2,500 per unintentional one. These fines can add up quickly; for example, selling data of 300,000 people without opt-out options could lead to $2.25 billion in fines. Furthermore, if a data breach results from inadequate security, affected consumers can also seek civil penalties, with amounts depending on the violation.


Frequently Asked Questions

What is the CPRA and how does it differ from the CCPA?

The CPRA (California Privacy Rights Act) is an amendment to the CCPA. It enhances privacy rights, establishes a new enforcement agency, expands data breach liability, and introduces stricter rules for sensitive personal information, providing stronger data protection for California residents.

Does the CPRA replace the CCPA?

No, the CPRA does not replace the CCPA. It amends and enhances the existing CCPA regulations, introducing additional privacy rights and protections. The CPRA builds upon the foundation set by the CCPA rather than replacing it entirely.

How do I make my business compliant with the CCPA-CPRA?

To ensure CCPA-CPRA compliance for your business, start by implementing clear data protection policies and procedures. One of the easiest ways to simplify compliance is by using a Consent Management Platform (CMP) like Consentmo, which is designed specifically for Shopify stores. Our app helps you manage cookie consent, data requests, and user rights, ensuring your store meets CCPA-CPRA requirements without hassle.
