CCPA-CPRA
California Consumer Privacy Act of 2018 (as amended by CPRA)
- I. California Consumer Privacy Act of 2018 (CCPA/CPRA)
- Ch. I — California Consumer Privacy Act (Cal. Civ. Code 1798.100-1798.199.100)
- Art. 1798.100. General Duties of Businesses that Collect Personal Information (15)
- Art. 1798.105. Consumers’ Right to Delete Personal Information (9)
- Art. 1798.106. Consumers’ Right to Correct Inaccurate Personal Information (3)
- Art. 1798.110. Consumers’ Right to Know What Personal Information is Being Collected. Right to Access Personal Information (10)
- Art. 1798.115. Consumers’ Right to Know What Personal Information is Sold or Shared and to Whom (6)
- Art. 1798.120. Consumers’ Right to Opt Out of Sale or Sharing of Personal Information (6)
- Art. 1798.121. Consumers’ Right to Limit Use and Disclosure of Sensitive Personal Information (4)
- Art. 1798.125. Consumers’ Right of No Retaliation Following Opt Out or Exercise of Other Rights (11)
- Art. 1798.130. Notice, Disclosure, Correction, and Deletion Requirements (28)
- Art. 1798.135. Methods of Limiting Sale, Sharing, and Use of Personal Information and Use of Sensitive Personal Information (20)
- Art. 1798.136. Untitled (3)
- Art. 1798.140. Definitions (21)
- Art. 1798.145. Exemptions (12)
- Art. 1798.146. Untitled (6)
- Art. 1798.148. Untitled (6)
- Art. 1798.150. Personal Information Security Breaches (4)
- Art. 1798.155. Administrative Enforcement (3)
- Art. 1798.160. Consumer Privacy Fund (14)
- Art. 1798.175. Conflicting Provisions (3)
- Art. 1798.180. Preemption (1)
- Art. 1798.185. Regulations (31)
- Art. 1798.190. Anti-Avoidance (2)
- Art. 1798.192. Waiver (5)
- Art. 1798.194. This title shall be liberally construed to effectuate its purposes. ref
- Art. 1798.196. This title is intended to supplement federal and state law, if permissible, but shall not apply if such application is preempted by, or in conflict with, federal law or the United States or California Constitution. ref
- Art. 1798.198. Untitled (2)
- Art. 1798.199. Notwithstanding Section 1798.198, Section 1798.180 shall be operative on the effective date of the act adding this section. ref
- Art. 1798.199.10. Untitled (8)
- Art. 1798.199.15. Members of the agency board shall: (7)
- Art. 1798.199.20. Members of the agency board, including the chairperson, shall serve at the pleasure of their appointing authority but shall serve for no longer than eight consecutive years. ref
- Art. 1798.199.25. For each day on which they engage in official duties, members of the agency board shall be compensated at the rate of one hundred dollars ($100), adjusted pursuant to subdivision (d) of Section 1798.199.95, and shall be reimbursed for expenses incurred in performance of their official duties. ref
- Art. 1798.199.30. The agency board shall appoint an executive director who shall act in accordance with agency policies and regulations and with applicable law. The agency shall appoint and discharge officers, counsel, and employees, consistent with applicable civil service laws, and shall fix the compensation of employees and prescribe their duties. The agency may contract for services that cannot be provided by its employees. ref
- Art. 1798.199.35. The agency board may delegate authority to the chairperson or the executive director to act in the name of the agency between meetings of the agency, except with respect to resolution of enforcement actions and rulemaking authority. ref
- Art. 1798.199.40. The agency shall perform the following functions: (15)
- Art. 1798.199.45. Untitled (4)
- Art. 1798.199.50. No finding of probable cause to believe this title has been violated shall be made by the agency unless, at least 30 days prior to the agency’s consideration of the alleged violation, the business, service provider, contractor, or person alleged to have violated this title is notified of the violation by service of process or registered mail with return receipt requested, provided with a summary of the evidence, and informed of their right to be present in person and represented by counsel at any proceeding of the agency held for the purpose of considering whether probable cause exists for believing the person violated this title. Notice to the alleged violator shall be deemed made on the date of service, the date the registered mail receipt is signed, or if the registered mail receipt is not signed, the date returned by the post office. A proceeding held for the purpose of considering probable cause shall be private unless the alleged violator files with the agency a written request that the proceeding be public. ref
- Art. 1798.199.55. Untitled (8)
- Art. 1798.199.60. Whenever the agency rejects the decision of an administrative law judge made pursuant to Section 11517 of the Government Code, the agency shall state the reasons in writing for rejecting the decision. ref
- Art. 1798.199.65. The agency may subpoena witnesses, compel their attendance and testimony, administer oaths and affirmations, take evidence and require by subpoena the production of any books, papers, records, or other items material to the performance of the agency’s duties or exercise of its powers, including, but not limited to, its power to audit a business’ compliance with this title. ref
- Art. 1798.199.70. No administrative action brought pursuant to this title alleging a violation of any of the provisions of this title shall be commenced more than five years after the date on which the violation occurred. (3)
- Art. 1798.199.75. Untitled (5)
- Art. 1798.199.80. Untitled (5)
- Art. 1798.199.85. Any decision of the agency with respect to a complaint or administrative fine shall be subject to judicial review in an action brought by an interested party to the complaint or administrative fine and shall be subject to an abuse of discretion standard. ref
- Art. 1798.199.90. Untitled (6)
- Art. 1798.199.95. Untitled (6)
- Art. 1798.199.100. The agency and any court, as applicable, shall consider the good faith cooperation of the business, service provider, contractor, or other person in determining the amount of any administrative fine or civil penalty for a violation of this title. A business shall not be required by the agency, a court, or otherwise to pay both an administrative fine and a civil penalty for the same violation. ref
Title I — California Consumer Privacy Act of 2018 (CCPA/CPRA)
Chapter I — California Consumer Privacy Act (Cal. Civ. Code 1798.100-1798.199.100)
Article 1798.160. Consumer Privacy Fund
6 obligations
CCPA-1798.160-09
Requirement
Begin Grant Program Administration When Funds Exceed $300,000
The California Privacy Protection Agency must begin administering the grant program when the amount of funds in the Cons
CCPA-1798.160-10
Requirement
Retain Funds in Grant Subfund When Balance is $300,000 or Less
In a fiscal year in which the amount of funds in the Consumer Privacy Grant Subfund is equal to or less than three hundr
CCPA-1798.160-11
Requirement
Transfer Interest and Earnings to General Fund Annually
Any interest and earnings from the Consumer Privacy Fund and all subfunds within the fund must be transferred on an annu
CCPA-1798.160-12
Requirement
One-Time Transfer of Remaining 2025 Budget Funds - 45% to Consumer Privacy Subfund
Any remaining funds in the Consumer Privacy Fund and subfunds that were not appropriated as part of the 2025 Budget Act
CCPA-1798.160-13
Requirement
One-Time Transfer of Remaining 2025 Budget Funds - 45% to AG Enforcement Subfund
Any remaining funds in the Consumer Privacy Fund and subfunds that were not appropriated as part of the 2025 Budget Act
CCPA-1798.160-14
Requirement
One-Time Transfer of Remaining 2025 Budget Funds - 10% to Grant Subfund
Any remaining funds in the Consumer Privacy Fund and subfunds that were not appropriated as part of the 2025 Budget Act
Article 1798.175. Conflicting Provisions
3 obligations
CCPA-1798.175-01
Requirement
Apply CCPA to all personal information collection regardless of method
Businesses must apply CCPA provisions to all personal information collected from consumers, not just information collect
CCPA-1798.175-02
Conformity
Harmonize conflicting privacy laws with CCPA when possible
Legal interpreters and businesses must attempt to harmonize other consumer personal information laws with CCPA provision
CCPA-1798.175-03
Requirement
Apply most protective privacy law when conflicts cannot be harmonized
When conflicts between CCPA and other consumer personal information laws cannot be harmonized, businesses and legal inte
Article 1798.180. Preemption
1 obligation
Article 1798.185. Regulations
15 obligations
CCPA-1798.185-01
Requirement
Attorney General Must Adopt Initial Regulations by July 1, 2020
The Attorney General shall solicit broad public participation and adopt regulations to further the purposes of this titl
CCPA-1798.185-02
Requirement
Update Personal Information Categories
The Attorney General must adopt regulations updating or adding categories of personal information enumerated in Section
CCPA-1798.185-03
Requirement
Update Deidentified and Unique Identifier Definitions
The Attorney General must adopt regulations updating definitions of 'deidentified' and 'unique identifier' to address te
CCPA-1798.185-04
Requirement
Establish Trade Secret and Intellectual Property Exceptions
The Attorney General must establish exceptions necessary to comply with state or federal law, including those relating t
CCPA-1798.185-05
Requirement
Establish Opt-Out Request Rules and Procedures
The Attorney General must establish rules and procedures to facilitate consumer opt-out requests for sale/sharing of per
CCPA-1798.185-06
Requirement
Govern Business Compliance with Opt-Out Requests
The Attorney General must establish rules and procedures to govern how businesses must comply with consumer opt-out requ
CCPA-1798.185-07
Requirement
Develop Uniform Opt-Out Logo/Button Standards
The Attorney General must establish rules for the development and use of a recognizable and uniform opt-out logo or butt
CCPA-1798.185-08
Requirement
Establish Notice and Information Accessibility Rules
The Attorney General must establish rules ensuring business notices and information are easily understood by average con
CCPA-1798.185-09
Requirement
Establish Verifiable Consumer Request Standards
The Attorney General must establish rules to facilitate consumer rights under Sections 1798.105, 1798.106, 1798.110, and
CCPA-1798.185-10
Requirement
Establish Correction Request Standards
The Attorney General must establish regulations governing how often and under what circumstances consumers may request c
CCPA-1798.185-11
Requirement
Establish 12-Month Information Provision Standards
The Attorney General must establish standards governing when providing information beyond the 12-month period in respons
CCPA-1798.185-12
Requirement
Define Business Purposes for Personal Information Use
The Attorney General must issue regulations further defining and adding to the business purposes for which businesses, s
CCPA-1798.185-13
Requirement
Define Service Provider Own Business Purpose Uses
The Attorney General must issue regulations identifying business purposes for which service providers and contractors ma
CCPA-1798.185-14
Requirement
Define 'Intentionally Interacts'
The Attorney General must issue regulations to further define 'intentionally interacts' with the goal of maximizing cons
CCPA-1798.185-15
Requirement
Define 'Precise Geolocation'
The Attorney General must issue regulations to further define 'precise geolocation,' including considerations for sparse