Skip to content

California Privacy Rights Act: CPRA Compliance

Usercentrics Consent Management Platform (CMP) enables you to meet evolving CPRA compliance requirements. Build user trust and fuel sustainable revenue growth.
Start freeContact Sales

What is the CPRA?

The California Privacy Rights Act (CPRA) amends, expands, and largely replaces the California Consumer Privacy Act (CCPA). It creates additional data privacy rights for consumers and responsibilities for companies’ data processing.

The CPRA has been in effect since 2023, with enforcement beginning in 2024, largely managed by the California Privacy Protection Agency (CPPA), which the law created.

Common CPRA questions and answers

How to comply with the California data privacy law

Under the CPRA, California privacy law now regulates both sale and sharing of residents’ personal data. Consumers can also opt out of use of their data for targeted advertising or profiling, or use of automated decision-making. The CPRA also established the CPPA for enforcement.

Usercentrics shield checkmark logo
Bank icon with various currency coins falling in

What are the consequences of CPRA noncompliance?

Noncompliance with the CPRA can result in enforcement actions by the California Privacy Protection Agency (CPPA) or the Attorney General. Businesses face escalating fines, depending on severity and if violations were willful or not. Consumers may also sue for statutory damages if they are victims of a data breach.

Achieve and maintain compliance in all regions and industries where you do business, including the EU’s GDPR, Brazil’s LGPD, and frameworks like the IAB TCF v2.2.

Easily integrate Usercentrics CMP with your website, app, or other platforms. Supports popular CMS and other third-party services to help drive your Privacy-Led Marketing.

Be transparent with users about how you use data and give them control. It’s not just a legal requirement. It’s a competitive differentiator that grows engagement and long-term customer relationships.

Targeted features like A/B Testing and Contextual Consent enable you to improve user experience quickly. Use data insights to optimize consent rates and capture more high-quality data.

“Honestly, it was click, click, click, done.”
— Web Application Development Manager, Gilson
Get started

Contact our expert team

We’re happy to answer questions about data privacy, compliant marketing operations, and the CPRA. Usercentrics’ Consent Management Platform helps you build trust and avoid penalties. Learn more today.

  • Interested in how privacy compliance benefits user experience and your marketing strategies?
  • Not sure if your business is privacy-compliant in California?
  • Need clarity on what your company’s compliance responsibilities are?
  • Looking to partner with us?
Contact sales
Contact chat bubble at the bottom right corner of a chat illustration

Learn more

Checklist
May 20, 2024
California has the fifth largest economy in the world. The state also has among the most stringent data privacy regulations in the United States. This 11-step CPRA compliance checklist will help you achieve and maintain compliance. Protect consumer rights and data and meet the security standards of the California Privacy Rights Act.
Read more
Article
Feb 28, 2024
The California Privacy Rights Act (CPRA) has been in effect since January 1, 2023. CPRA enforcement was delayed due to a legal challenge but the law is now enforceable as of early February 2024, managed by the California Privacy Protection Agency (CPPA).
Read more
Article
Feb 7, 2025
In 2025 more US state privacy laws will come into effect than in any previous year, though federal legislation remains stalled. We compare what US state-level data privacy laws mean for consumers and businesses.
Read more

Frequently asked questions

In addition to the rights granted to California residents under the CCPA, with the CPRA consumers were granted these additional rights:

  • Right to correct: any incomplete or inaccurate personal information that a business holds about them be corrected
  • Right to limit: consumers have the right to limit the use or disclosure of their sensitive personal information
  • Right to opt out: consumers have the right to opt out of the sale, sharing, or use of their personal information for profiling or targeted advertising

The California Privacy Protection Agency was created with the CPRA, and they or the Attorney General can levy civil penalties up to USD 2,663 per unintentional violation, or up to USD 7,988 per intentional violation or for violations involving minors (as of 2025). Individuals can use a private right of action to sue companies for violations related to data breach events affecting them and their personal information, and can seek statutory damages between USD 107 and USD 799 per incident.

CPRA compliance software enables companies to comply with the requirements of the CCPA and CPRA, like providing consumers with information about data processing and exercising their rights, obtain consent for the use of children’s information, and enabling consumers to opt out of the sale or sharing of their personal information, or its use for targeted advertising or profiling, or limit the use of their sensitive personal information.

A consent management platform (CMP) is a type of CPRA compliance software that can enable data privacy compliance for websites and apps. A CMP consent banner presents users with information about the cookies and other tracking technologies in use that collect personal information, and enable granular user consent choices. It also securely stores and documents consent information over time.