Consumer Privacy Regulations Part 1

In our previous GA4 blog, we briefly mentioned new security features being implemented to focus on improving data security. Now, we want to give a more detailed overview of these consumer rights that all businesses should be aware of.

Google Analytics 4 will be implementing more security features that align with regulations such as the (soon-to-be) CPRA and the GDPR. These regulations protect the consumer’s privacy, which may restrict a business’s or organization's ability to collect and process personal data. This week, we’ll introduce you to the CPRA.

Currently the California Consumer Privacy Act of 2018 (CCPA) is a state-wide data privacy bill meant to give [California resident] consumers control over their personal information. Taking effect on January 1, 2023, is the California Privacy Rights Act of 2020 (CPRA) which is an amendment of CCPA. This amendment has amplified consumer privacy and protection of consumer rights. Here is what you can expect starting in 2023 according to what we know. 

This law applies to

  • for-profit companies that facilitate business in California with the following requirements;

  • gross annual revenue of over $25 million in the preceding calendar year

  • buy, sell, or share personal information of 100,000 or more California consumers or households

  • derive 50% or more of their annual revenue from selling or sharing California residents’ personal information

Two new business categories

  • a joint venture or partnership of businesses where each business has at least 40% interest and each business within the joint venture is considered as a separate business

  • any business that does not fall under the given qualifications can voluntarily certify to the CPPA that it is in compliance with CPRA

Consumer Rights

CPRA has expanded and added to the rights originally provided in the CCPA. Below is the full list of CPRA consumer rights:

  • right to delete personal information

  • right to correct inaccurate personal information

  • right to know what personal information is being collected

  • right to know what personal information is sold and to whom

  • right to opt-out of sale or sharing of personal information

  • right to limit use of sensitive personal information

  • right to exercise CPRA rights

Receiving Consent

Along with consumer rights comes receiving consent to collect and process consumer data. CPRA clearly states the definition of consent. Consent means any freely given, specific, informed, and unambiguous indication of the consumer’s intention.

Penalties

Should you violate these regulations, there are penalties involved. In the event of a violation, a business could face a cease and desist violation, be subject to an administrative fine of up to $2,500 for each violation, or up to $7,500 for each violation involving a minor. 

Moving Forward

So how should you prepare for CPRA? Here’s what we recommend:

  • determine if CPRA applies to your business

  • update contracts with service providers, contractors, or third parties if needed

  • add “Do Not Share” opt-out notification

  • update privacy policy

  • include consumer request forms due to expanded consumers rights to request information 

Stay tuned next week for Part 2, when we’ll explore further into GDPR.


PK Information is a FileMaker-certified development agency serving the Tampa Bay and Knoxville regions. We believe that great software can change everything. Would your database benefit from a process review? Contact us today!