The recently-passed California Privacy Rights Act (CPRA) augments and supplements California’s existing privacy law, the California Consumer Privacy Act (CCPA). We are sure many practitioners are wondering how it stacks up with the European Union’s General Data Protection Regulation (GDPR). See below for Part I of our two part series comparing the CPRA and the GDPR (and see Part II here).
HOW DOES THE CPRA CHANGE THE CCPA?
The CPRA makes several significant changes to the CCPA:
- It introduces the concept of “sensitive personal data”;
- It introduces new obligations on businesses, and GDPR-style “principles”;
- It introduces new rights for consumers; and
- It creates a new supervisory authority for data protection and privacy in California — the California Privacy Protection Agency.
These changes are very significant – but do they represent a move closer to GDPR, or a move away?