Five Things Every Entrepreneur Should Know About California's New Privacy Law

CPRA's scope of coverage is broader. MUCH broader. The CCPA was designed to protect consumers. The CPRA's coverage focuses on all Californians, including business owners and employees (i.e., the rules now apply to human resources and B2B interactions). It also features enhanced protection for minors based on age. Children ages 14 and 15 are given more individual control of their data.

Data owners' rights are expanded significantly. In addition to existing rights under the CPPA (e.g., to obtain copies of personal data, non-discrimination, opt-outs, etc.), the CPRA lets data owners demand the correction of inaccuracies, limit the use sensitive personal information, and opt out of targeted advertising.

A broader right to delete. Under the CCPA, a consumer's right to delete kicked in once the collected data was used for its designated purpose. The CPRA allows all Californians to demand data deletion, not just from the initial collector of the information but from all third parties with which it was shared.

A right not to have information sold. The CCPA contains a relatively toothless provisions allowing a consumer to request a business not to sell the former's data. The new law extends the opt-out provision to all Californians and includes a right to exclude collectors from leveraging personal information for targeted advertisements.

More robust anti-discrimination provisions. The CCPA contains a general prohibition against retaliating against consumers who exercise their privacy rights. The CPRA's non-discrimination provisions extend to all Californians, including employees and contractors. It allows site owners to offer incentive programs to encourage data sharing, but only once per year if a user declines to participate.