What Is California Privacy Rights Act (CPRA) & Why Should Businesses Care?

California voters recently passed the California Privacy Rights Act (CPRA), expanding upon the already established California Consumer Privacy Act (CCPA), which went into effect at the start of 2020. The CPRA is expected to go into effect January 2023.

What Is The California Privacy Rights And Enforcement Act (CPRA)?

In short, the CPRA will implement stronger data privacy rules for businesses, additional consumer rights in regards to their data and an independent enforcement agency called the California Privacy Protection Agency (CPPA).

What Are The New CPRA Data Privacy Rules Businesses Must Be Aware Of?

Under CPRA, new data privacy changes include:

• Limitations on the length of time businesses can hold onto consumer data
• An opt-out option for “cross-context behavioral advertising”
• Prevention of businesses from “sharing” consumers’ personal information
• Limitations on the usage of “sensitive” personal information such as race, location, religion, social security details and more
• Stronger opt-in requirements enforced for any data pertaining to children
• Proper links on every business homepage for consumers to opt out of their personal data being “sold, shared or used,” if they so choose

How Will The CPRA Give Greater Control To Consumers?

CPRA will provide consumers with an even larger amount of insight into and control over their personal data that has been obtained by various businesses. Under CPRA, consumers could:

• Correct any incorrect personal information businesses may have on them
• Opt out of both “automated decision making technology” and the sharing and selling of any personal information businesses have obtained
• Access “meaningful information about the logic involved in such decision-making processes, as well as a description of the likely outcome of the process with respect to the consumer”

What Will The New California Privacy Protection Agency (CPPA) Do Under CPRA?

The newly formed CPPA will include a five-member board, instated to “protect people’s privacy rights, promote public awareness and provide guidance to consumers and businesses under the act.” The CPPA will also have the right to distribute fines for any violations that go against the newly implemented CPRA guidelines.

As Privacy Laws Continue To Evolve, Digital Advertisers Must Adjust Their Strategies Alongside Them

The pending addition of CPRA proves compliance standards are continuing to evolve, and digital advertisers must consider the impact that guidelines, like CPRA, will potentially have on their business practices. eMarketer reporter Yoram Wurmser notes that “If the act goes into effect in 2023, most personalized advertising will no longer be possible in California, and many parts of the data ecosystem will struggle to adapt.”

The forthcoming January 2023 implementation date of the CPRA, however, gives businesses significant time to prepare and proactively adapt to the coming changes. Advertisers should use this time to introduce and/or increase their transparency with consumers, communicating exactly how and where consumers’ personal data will be used, and for how long. It’s important now for advertisers to pay closer attention to the specific data they have on file, analyzing why they collect and share data, and track the management of data from start to finish. 

Are You Looking For Safe Ways To Reach Opted-In Audiences?

Digital Media Solutions^® (DMS) understands how important it is for brands to adhere to regulations like CCPA, TCPA and CAN-SPAM, so we have prioritized and operationalized compliance across everything we do to offer brand-safe digital consumer engagement opportunities. DMS de-risks ad spend while helping our advertiser clients connect with more consumers and expand their customer bases.