Consumer Privacy Regulations Part 1
In our previous GA4 blog, we briefly mentioned new security features being implemented to focus on improving data security. Now, we want to give a more detailed overview of these consumer rights that all businesses should be aware of.
Google Analytics 4 will be implementing more security features that align with regulations such as the (soon-to-be) CPRA and the GDPR. These regulations protect the consumer’s privacy, which may restrict a business’s or organization's ability to collect and process personal data. This week, we’ll introduce you to the CPRA.
Currently the California Consumer Privacy Act of 2018 (CCPA) is a state-wide data privacy bill meant to give [California resident] consumers control over their personal information. Taking effect on January 1, 2023, is the California Privacy Rights Act of 2020 (CPRA) which is an amendment of CCPA. This amendment has amplified consumer privacy and protection of consumer rights. Here is what you can expect starting in 2023 according to what we know.
This law applies to
for-profit companies that facilitate business in California with the following requirements;
gross annual revenue of over $25 million in the preceding calendar year
buy, sell, or share personal information of 100,000 or more California consumers or households
derive 50% or more of their annual revenue from selling or sharing California residents’ personal information
Two new business categories
a joint venture or partnership of businesses where each business has at least 40% interest and each business within the joint venture is considered as a separate business
any business that does not fall under the given qualifications can voluntarily certify to the CPPA that it is in compliance with CPRA
Consumer Rights
CPRA has expanded and added to the rights originally provided in the CCPA. Below is the full list of CPRA consumer rights:
right to delete personal information
right to correct inaccurate personal information
right to know what personal information is being collected
right to know what personal information is sold and to whom
right to opt-out of sale or sharing of personal information
right to limit use of sensitive personal information
right to exercise CPRA rights
Receiving Consent
Along with consumer rights comes receiving consent to collect and process consumer data. CPRA clearly states the definition of consent. Consent means any freely given, specific, informed, and unambiguous indication of the consumer’s intention.
Penalties
Should you violate these regulations, there are penalties involved. In the event of a violation, a business could face a cease and desist violation, be subject to an administrative fine of up to $2,500 for each violation, or up to $7,500 for each violation involving a minor.
Moving Forward
So how should you prepare for CPRA? Here’s what we recommend:
determine if CPRA applies to your business
update contracts with service providers, contractors, or third parties if needed
add “Do Not Share” opt-out notification
update privacy policy
include consumer request forms due to expanded consumers rights to request information
Stay tuned next week for Part 2, when we’ll explore further into GDPR.
PK Information is a FileMaker-certified development agency serving the Tampa Bay and Knoxville regions. We believe that great software can change everything. Would your database benefit from a process review? Contact us today!