The California Privacy Rights Act (CPRA) will go into effect on January 1, 2023. The CPRA will amend existing provisions by creating new and expanded rights for California consumers and increasing obligations on businesses. It also establishes the California Privacy Protection Agency to implement and enforce the law.
How to Comply With CPRA?
To comply with the CPRA, you should follow both the above-mentioned CCPA and CPRA requirements. In particular, you should keep in mind the following aspects:
Perform personal data inventory to find out the type of information you collect, and if you collect sensitive personal information. Figure out the businesses you share data with, and what data is transferred to them.
Review your agreements with service providers, contractors, and third parties and ensure that they have adequate data privacy provisions according to the latest privacy requirements under the CPRA.
Update your Cookie Banner notices. You should disclose if you sell or share personal information, and provide the details of the service providers, contractors, and third-parties you share the data with. Disclose if you collect and process sensitive personal information, how and for what reasons you collect and process this information. Indicate how long you will keep each category of the personal information collected.
Add new opt-out links on your website. Add links ”Do not sell or share my personal information” and “Limit the use of my sensitive personal information” and display them on the website’s homepage. It is also recommended to add “a single, clearly-labeled link” that combines both above-mentioned links.
Update your Privacy Policy to include the consumers' rights and ensure that your Privacy Policy is easily accessible and compatible on all devices. The Privacy Policy should include:
- Disclosures regarding personal information and sensitive personal information
- Disclosure of how to access, change, or delete personal information
- Method how to opt-out of selling or sharing personal information
- Consent notice for minors (13-16 years) and children under 13 years (consent from parents).
You could use CookieScript Privacy Policy Generator to create a unique and professional Privacy Policy for your business or website.
Provide a method to get consumers' requests. Under the CPRA, consumers have the right to be informed about their personal information collected. The CPRA requires businesses to have at least two methods for consumers to submit such requests. You can create web request forms, provide a phone number, or e-mail for the consumer to make requests. Ensure that these request methods are easily accessible and displayed on your website or privacy page.
Read the complete guide to California Privacy Rights Act (CPRA).
Use CookieScript Consent Management Platform, which is easy to use, complies with the CCPA and CPRA, and follows up the updates for the latest privacy regulations. CookieScript provides third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.