How the CPRA Protects Consumer Rights

Every citizen of the Golden State has rights granted to them under the original CCPA regarding their personal data. The adoption of CPRA expands the scope for some CCPA rights and includes additional rights granted to the consumer. In this chapter we will look at those rights in greater detail.

Consumer Right to Know Timelines

Under CCPA, consumers are allowed access to any personal information collected by an organization in the previous 12 months from the date of the request. Consumers also have the right to request a copy of the specific information that is collected by the organization. CPRA extends this timeline for certain cases, allowing consumers to request collected information beyond the previous 12 months. When a request to access personal information is submitted, the organization has 45 days to respond.

Consumer’s Right to Non-Discrimination under CPRA

If a consumer exercises their rights under CPRA, a business may not deny them goods or services, charge them a different price, or provide a different level of quality of goods or services. If a consumer requests to withhold information that is necessary to complete a transaction, the business may not be able to complete the transaction. Promotions and discounts can be offered to the consumer in exchange for the collection or sale of their personal information.

Get started today in 5 minutes

Rights extended to California residents under the CPRA

The CPRA law expands on some of the CCPA rights in their original form. CPRA also includes some additional rights granted to consumers.

Right to Opt Out of Automated Decision-Making Technology

The CPRA grants consumers the right to opt out of automated decision-making technology, meaning they can choose not to be subject to decisions made solely by automated processes. This right applies to decisions that could have legal, significant or similarly significant effects and can include decisions made by algorithms, artificial intelligence, and other forms of automated data processing.

Right to Access Information About Automated Decision Making

The Right to Access Information About Automated Decision Making is a right for California residents to receive information about automated decisions that have been made about them, such as what type of data was used to make the decision, how the decision was made, and whether it was made with human input. This right allows individuals to better understand why decisions were made, and to dispute the accuracy of the decision if they believe it was incorrect.

Right to Limit Use and Disclosure of Sensitive Personal Information (SPI)

According to CPRA, individuals have the right to limit the use and disclosure of their sensitive personal information (SPI). This includes the right to opt-out of the sale of SPI and the right to request that a business stop collecting, using, or disclosing SPI. Businesses must honor these requests, unless they are legally obligated to continue processing the SPI.

Right to Correct Information

The Right to Correct Information gives California residents the ability to request the correction of inaccurate or incomplete personal information that a business or other organization holds about them. This right includes the ability to request the addition of missing information, or the removal of inaccurate or incomplete information.

Expanding the Definition of SPI

According to CCPA, "personal information" means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Sensitive Personal Information, or SPI, is a category of personal information that was added by the CPRA. SPI requires a greater level of data protection as compared to other information collected by an organization.

Here are some myths to look out for:

-
Social security number
-
Driver's license
-
State identification card
-
Passport number
-
Account log-in
-
Financial account
-
Debit or credit card number with account access credentials
-
Precise geolocation
-
Genetic data
-
Racial or ethnic origin
-
Religious or philosophical beliefs
-
Union membership
-
Mail, email, and text message content

See why 8,000+ businesses love EasyLlama

Becoming Well-Versed on CPRA Law with EasyLlama training

This training can be useful to any organization that collects personal information from residents of California. The goal is to better inform staff members on how data is collected, used, and shared by rules in order to better assist them in protecting consumer data. EasyLlama’s interactive quizzes and real-life scenarios will also boost knowledge retention and make employee compliance easier to manage.

Helping over 8,000+ organizations create a safer, more inclusive company culture.

Get more from easyLlama

The Most Comprehensive online CPRA Training

Any organization that gathers personal data from California residents can benefit this course. The purpose is to educate employees to understand the regulations that govern how data is gathered, utilized, and shared in order to better advise them in protecting consumer data. The course covers: