Earlier, businesses in California were trying to understand the California Consumer Privacy Act (CCPA) and become compliant with the law. Now, they have another challenge, and it is the California Privacy Rights Act (CPRA). It means more compliance laws.
What does the California data privacy law mean? How are CCPA and CRPA different from each other?
What is CPRA?
First of all, it is essential to understand that CPRA is an extension of the earlier law CCPA, which had fewer restrictions for businesses in the state.
The idea behind the creation of CPRA was fewer consumer rights, which grabbed the attention of some privacy advocates. They believed that consumers require more rights, and the thought led to the creation of CPRA.
According to the new law, there needs to be a new federal agency to handle CCPA compliance and make businesses follow the new regulations. Now, companies in the state will be responsible for other companies using the collected consumer data.
The legislation also suggests that there would be more strict regulations on how companies collect, store, and use consumer data.
CCPA vs CPRA: How are They Different?
As discussed earlier, CPRA is an extension of CCPA. It adds stricter regulations to the earlier legislation. Apart from that, there are certain things that differentiate the two terms from each other. They include:
- Scope of the Laws
The CCPA law considered businesses that either have $25M+ revenue or those with information on over 50,000 consumers.
However, the new law considers businesses that have more than 100,000 consumers. The idea is to consider large corporations and give relaxation to small businesses.
- Personal Information
In both the types of laws, the classification of data varies. In CCPA, data types like geolocation, internet activity, and sensitive information were known as personal information.
However, these types of data were classified as sensitive personal information in CPRA.
- Federal Agency to Monitor Laws
The CCPA legislation has been regulated by the California Attorney General. When it comes to CPRA, there is a dedicated federal agency to ensure that all the guidelines of CPRA are applied and followed in the right manner.
When it comes to penalizing organizations that do not follow data privacy laws strictly, CCPA and CPRA have different outcomes. Under CCPA, there’s a fine of $2500 per violation, which is a result of violating the personal data of minors.
On the other hand, CPRA results in a fine of $7500 per violation.
- Cure Period
In CCPA, there is a cure period of 30 days. With the introduction of CPRA, the cure period has been eliminated.
In the End
Although CCPA and CPRA are privacy laws for companies in California, they are different from each other and result in different outcomes. However, both of them have the objective of ensuring strict procedures and policies to help companies and consumers.