California Privacy Rights Act of 2020 – CPRA

On January 1, 2023, the California Privacy Rights Act of 2020 (CPRA) will amend the California Consumer Privacy Act of 2018 (CCPA) with sweeping ramifications for businesses in California and globally that collect personal information about Californians. The law broadly governs the collection, use and disclosure of personal information about California residents – including consumers, employees, job applicants, business contacts, children and other categories of individuals – as well as information about their households and devices.

The CPRA created a new privacy regulator – the California Privacy Protection Agency (CPPA) – charged with adopting implementing regulations and enforcing the law. Both the CPPA and the California attorney general may seek civil penalties of up to $2,500 per violation of the law or up to $7,500 for each intentional violation or violation involving children under 16. The law also provides a private right of action allowing California residents affected by certain data breaches to seek up to $750 in statutory damages per individual per incident or actual damages, whichever is greater. The CPPA has proposed draft regulations and is expected to publish final regulations by the end of 2022.

If you need assistance with CPRA compliance, please contact a member of Cooley’s cyber/data/privacy group.


US Privacy Compliance Journey webinar series

Please note that continuing legal education credit is only available for the live webcast of these programs. Cooley is not able to provide CLE credit for on-demand recordings at this time.

Blog posts