A Publisher’s Handbook : CCPA 2.0 (CPRA)

CPRA – California’s new & improved CCPA

The new and improved California Copyright Practices Act (CCPA), also known as the California Copyright Reform Act (CCRA-CA), is set to take effect on January 1, 2023. Here are some things you should know about the new CCPA.

CCPA:

The CCPA is a comprehensive data privacy law that was enacted in California and came into effect on January 1, 2020. It gives California residents greater control over their personal information that is collected and processed by businesses. Key provisions of the CCPA include:

  1. Consumer Rights: The CCPA grants consumers the right to know what personal information businesses collect about them, the right to request deletion of their data, and the right to opt out of the sale of their personal information.
  2. Notice and Disclosure: Businesses are required to provide clear and transparent notices to consumers about their data collection practices, including the types of information collected and the purposes for which it’s used.
  3. Opt-Out Rights: Businesses are required to offer an opt-out mechanism for the sale of personal information, allowing consumers to prevent their data from being sold to third parties.
  4. Non-Discrimination: The CCPA prohibits businesses from discriminating against consumers who exercise their rights under the law, including denying goods or services or charging different prices.

CPRA:

The CPRA, also known as Proposition 24, builds upon the CCPA and was passed as a ballot initiative in November 2020. It introduces more comprehensive privacy protections for California residents and establishes a new privacy enforcement agency, the California Privacy Protection Agency (CPPA). The CPRA’s provisions are set to be phased in over time, with full enforcement expected by 2023. Key features of the CPRA include:

  1. Sensitive Personal Information: The CPRA introduces the concept of “sensitive personal information” and provides enhanced rights for consumers regarding its processing, including the right to limit its use and disclosure.
  2. Expanded Opt-Out Rights: The CPRA expands the opt-out right to cover not only the sale of personal information but also the sharing of personal information for cross-context behavioral advertising.
  3. Data Retention Limits: Businesses are required to limit the retention of personal information to what is necessary for the purposes for which it was collected.
  4. Children’s Privacy: The CPRA establishes additional protections for the personal information of minors, including requiring opt-in consent for consumers under 16 and introducing a new category for consumers under 13.
  5. Enforcement and Fines: The CPRA empowers the CPPA to enforce both the CCPA and CPRA provisions and imposes stricter penalties for violations involving the personal information of minors.

Timeline of CCPA & CPRA :

CPRA : New for Publishers 

Here are some potential aspects that could be relevant to publishers:

  1. Sensitive Personal Information Category: The CPRA introduces a new category called “sensitive personal information,” which includes data such as Social Security numbers, financial account information, precise geolocation data, racial or ethnic origin, genetic data, and more. Publishers need to handle sensitive personal information with additional care and may need to obtain explicit consent from consumers to process this type of data.
  2. Expanded Opt-Out Rights for Cross-Context Behavioral Advertising: Publishers engaging in cross-context behavioral advertising (targeted advertising based on user behavior across different websites and platforms) are subject to expanded opt-out requirements. The CPRA extends the opt-out right to cover the sharing of personal information for such advertising purposes.
  3. Data Retention Limits and Purpose Limitation: The CPRA emphasizes data minimization and purpose limitation by requiring businesses, including publishers, to limit the retention of personal information to what is necessary for the purposes for which it was collected. This could impact how long publishers retain user data and the justifications for doing so.
  4. Children’s Privacy and Consent: The CPRA enhances privacy protections for minors. For users under the age of 16, publishers may need to obtain opt-in consent for the collection and sale of their personal information. For users under the age of 13, opt-in consent is required from a parent or guardian.
  5. Enforcement and Fines: The CPRA establishes the California Privacy Protection Agency (CPPA) as the enforcement authority for both the CCPA and CPRA. This agency has the authority to enforce penalties for violations. Fines for non-compliance, especially in cases involving the personal information of minors, can be significant.
  6. Right to Correct Inaccurate Personal Information: The CPRA introduces a new right for consumers to correct inaccurate personal information held by businesses. Publishers need to have processes in place to handle such correction requests.
  7. Joint Liability for Data Sharing: If publishers share data with third parties, the CPRA introduces the concept of joint liability. This means that if a third party misuses the data, both the third party and the business that shared the data can be held accountable.
  8. Impact on Service Providers and Contractors: The CPRA clarifies and refines the definitions and relationships between businesses, service providers, and contractors. Publishers need to understand these relationships to ensure proper compliance.
  9. Updated Privacy Policy Requirements: The CPRA introduces new requirements for privacy policies, including the need to disclose retention periods for different categories of personal information.
  10. Data Protection Impact Assessments (DPIAs): The CPRA gives the CPPA the authority to require businesses, including publishers, to conduct and submit DPIAs for certain high-risk data processing activities.

Modifications to CCPA by CPRA:

  1. Opt-out of Cross Context Behavioral Advertising :  The Consumer Data Protection Act (CCPA) contains a provision that permits consumers to prohibit publishers from selling data to third parties. However, given the ambiguity of the term ‘sell’, many publishers engaged in cross-promotion behavioral advertising were excluded from this provision. Due to the fact that behavioral advertising does not necessitate the ‘sale’ of customer data, it has left many consumers and digital advertisers perplexed. However, the Consumer Product Rights Authority (CPRA) has clarified this ambiguity by incorporating the concept of the “sharing” of consumer data into its scope of application. Under the CPRA, the consumer has the right to “opt-out” from the context of behavioral advertising. This will prevent businesses from using their personal data to sell or share for advertising purposes. In addition, according to the CPRA, the definition of Cross-Cultural Behavioral Advertising is as follows: “Cross-cultural behavioral advertising” refers to targeted advertising that uses a consumer’s personal information collected from their online activity across distinct brands of websites, brands of businesses, brands of applications, brands of services, and brands of products other than the targeted business, brand of application, brand of website, or brand of service that the consumer deliberately interacts with.”
  2. Contractual Requirements :  Under the CPRA, businesses must enter into appropriate contracts with their SPSPs and contractors to restrict the storage, use, or disclosure of personal data for any purpose other than the scope of the contract. These contracts will allow businesses to control the consumer data that they share with other parties by monitoring compliance with the terms of their contract. Businesses may conduct a review, automated assessment, and audit at least once per year to make sure the consumer data is not sold or made available by their SPSPs outside of the scope of the agreement. 
  3. Security Audit :  Under the CCPA, publishers are required to take reasonable steps to protect the privacy of consumer data. However, under the CPRA, the requirements are even stricter. Under the new rules in the CPRA, those who collect personally identifiable information (PII) about consumers are required to conduct an annual cyber security audit and provide the CPPA with a risk analysis report. The risk assessment should consider the potential risks and benefits associated with the processing of consumer data. If the benefits outweigh the risks, then the CPPA can restrict or prohibit the processing of such data under the CCPA or the CPRA. 

Penalties for Violations:

If a publisher is non-compliant and is found to be in violation of the CPRA, civil penalties are $2500 to $500 per violation and $750 to $1,000 per violation if the court finds that the violation was intentional. The new CPRA also has a new $7500 penalty for violations (unintentional) of consumer privacy of minors. The law also makes it clear that providers of third-party services will be held accountable for any violations. Since publishers are responsible for protecting consumer data they collect, any violations of the law by third-party providers can also result in penalties for the publisher if they do not have a contractual agreement to protect consumer data. In addition, the CPRA has removed the provision in CCPA that allows a publisher or a business to avoid penalties if it can address and correct the violations within 30 days after being notified. 

Right of Private Action:

The CCPA gives consumers the right to take private action against a business for a breach of consumer’s personal information or sensitive personal information. This means consumers can sue companies for a breach of their personal information. 

However, the CPRA has changed the scope of this right to allow consumers to take private action only in the case of a breach of unencrypted and unredacted data. The CPRA also includes breaches involving ‘email addresses in combination with passwords or security questions and answers that may grant access to an account’, subject to a consumer’s right to a private action. 

In the event of a breach, consumers can seek damages from the court for damages ranging from $100 to $750 per consumer for each incident, or actual damages up to $1 million, whichever is greater, as well as injunctive and declaratory relief, or any other relief deemed appropriate by the court.

Future Beholds:

Currently, the Consumer Data Protection Act (CPRA) is one of the most comprehensive consumer data privacy laws in the country. With several new state regulations set to enter into force in 2023, it’s important for publishers to be well-prepared for the changes to come. With new privacy laws in the works in Colorado and Connecticut, as well as Utah and Virginia, publishers must continue to adhere to best practices to comply with privacy laws. 

Since sharing and storing consumer data is likely to be at the top of the list in most new privacy policies, publishers may want to consider using consent or data management platforms (DMPs) to monitor their data processing operations. 

While the CPRA has improved upon its predecessor, the Consumer Data Privacy Act (CCPA), updating the privacy frameworks is a top priority for publishers to prevent violations, as per the CPRA. Publishers should also make sure their third party service providers (SPPs) and ad tech partners (ADPs) are CPRA-compliant and create contractual agreements in place to protect themselves in the event of a violation.

126 thoughts on “A Publisher’s Handbook : CCPA 2.0 (CPRA)”

  1. The very core of your writing while appearing agreeable originally, did not sit perfectly with me after some time. Someplace throughout the sentences you were able to make me a believer unfortunately only for a while. I however have a problem with your leaps in assumptions and one would do nicely to fill in those gaps. In the event you actually can accomplish that, I would certainly be fascinated.

  2. Thanks for sharing superb informations. Your site is very cool. I am impressed by the details that you¦ve on this web site. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for more articles. You, my friend, ROCK! I found just the info I already searched all over the place and simply couldn’t come across. What an ideal website.

  3. Its like you read my mind! You appear to know a lot about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a little bit, but other than that, this is great blog. A fantastic read. I’ll certainly be back.

  4. Hmm it seems like your blog ate my first comment (it was extremely long) so I guess I’ll just sum it up what I submitted and say, I’m thoroughly enjoying your blog. I too am an aspiring blog writer but I’m still new to everything. Do you have any helpful hints for beginner blog writers? I’d certainly appreciate it.

  5. Undeniably believe that which you stated. Your favorite reason appeared to be on the internet the simplest thing to be aware of. I say to you, I certainly get annoyed while people think about worries that they just don’t know about. You managed to hit the nail upon the top and also defined out the whole thing without having side effect , people can take a signal. Will probably be back to get more. Thanks

  6. Pretty nice post. I simply stumbled upon your blog and wished to mention that I’ve really enjoyed surfing around your weblog posts. In any case I’ll be subscribing for your rss feed and I hope you write again soon!

  7. hey there and thank you for your information – I’ve certainly picked up something new from right here. I did on the other hand experience several technical points the use of this site, since I experienced to reload the site many occasions prior to I could get it to load correctly. I were considering in case your hosting is OK? Not that I’m complaining, however sluggish loading cases instances will often affect your placement in google and can damage your quality ranking if ads and ***********|advertising|advertising|advertising and *********** with Adwords. Well I am including this RSS to my email and could look out for much more of your respective exciting content. Make sure you update this once more soon..

  8. Hey there! This post couldn’t be written any better! Reading this post reminds me of my good old room mate! He always kept talking about this. I will forward this article to him. Pretty sure he will have a good read. Many thanks for sharing!

  9. Fitspresso is a brand-new natural weight loss aid designed to work on the root cause of excess and unexplained weight gain. The supplement uses an advanced blend of vitamins, minerals, and antioxidants to support healthy weight loss by targeting the fat cells’ circadian rhythm.

  10. Dentavim is a dietary supplement formulated to support oral health and improve dental hygiene. With increasing awareness of the importance of maintaining good oral health, Dentavim has emerged as a popular choice for individuals seeking to enhance their dental care regimen. This article provides a detailed overview of Dentavim, including its ingredients, benefits, potential side effects, and overall effectiveness.

  11. I feel this is one of the so much vital info for me. And i’m happy studying your article. However wanna observation on few normal issues, The website style is perfect, the articles is actually great : D. Excellent job, cheers

  12. Unlock the potential of your pineal gland with the potent Pineal XT Dietary supplements serve as a gateway to expanding one’s range of expression, and Pineal gland support supplements, in particular, can elevate mental and spiritual capabilities. Pineal XT vitamins offer a pathway to endless joy, prosperity, health, and love. These supplements are designed to bolster the pineal gland’s function, enhance overall body performance, and boost energy levels. It stands as a premier alternative for reducing the impact of fluoride, pollutants, and the natural aging process.

  13. We are a group of volunteers and opening a new scheme in our community. Your web site offered us with valuable information to work on. You have done a formidable job and our whole community will be grateful to you.

  14. Fitspresso is a brand-new natural weight loss aid designed to work on the root cause of excess and unexplained weight gain. The supplement uses an advanced blend of vitamins, minerals, and antioxidants to support healthy weight loss by targeting the fat cells’ circadian rhythm

  15. Fitspresso is a brand-new natural weight loss aid designed to work on the root cause of excess and unexplained weight gain. The supplement uses an advanced blend of vitamins, minerals, and antioxidants to support healthy weight loss by targeting the fat cells’ circadian rhythm

  16. Hey! I could have sworn I’ve been to this blog before but after reading through some of the post I
    realized it’s new to me. Anyways, I’m definitely happy I found
    it and I’ll be bookmarking and checking back often!

    Here is my web page :: UltraK9 Pro

  17. It is in point of fact a nice and useful piece of information. I’m happy that you simply shared this helpful information with us. Please stay us informed like this. Thanks for sharing.

  18. миллион в инвестициях
    на пальцах, миллион долларов в инвестициях на пальцах pdf жергілікті басқару жүйесі, жергілікті мемлекеттік басқару заңы металлопрокат алматы цена, металлопрокат прайс-лист
    цены оттегі адам ағзасында, оттек атомының адам ағзасында саяхаттауы

  19. психотип по дате рождения, психоматрица рассчитать топ фильмов, онлайн-кинотеатр бесплатный алишер конысбаев – болексин скачать, алишер конысбаев – болексин текст мысық аттары қыз, мысық қандай
    жануар

  20. елорда мектеп кз қмж 6 сынып 3 тоқсан,
    елорда мектеп кз қмж 2 сынып и хейзинга мәдениеттің пайда болуы немен байланыстырады, антик натурфилософиясы журналы
    ринц в казахстане, требования кксон
    мон рк планета сатурн знак зодиака,
    козерог знак зодиака

Leave a Comment

Your email address will not be published. Required fields are marked *