California Consumer Privacy Act (CCPA/CPRA)
In force since 1 January 2023
Agent Navigation: For section discovery, use /regulations/us/ccpa/llms.txt
Quick Reference
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is the most comprehensive US state privacy law. It grants California residents rights over their personal information and imposes obligations on businesses that collect it.
Applies to: For-profit businesses that: (1) have gross revenue >$25M, OR (2) buy/sell/share data of 100K+ consumers/households, OR (3) derive 50%+ revenue from selling/sharing personal information
Key rules:
- Consumers have right to know, delete, correct, and port their data [§ 1798.100-106]
- Must offer opt-out of sale/sharing of personal information [§ 1798.120]
- Sensitive personal information requires opt-in or limit-use option [§ 1798.121]
- “Do Not Sell/Share” link required on website [§ 1798.135]
- 45-day response deadline for consumer requests [§ 1798.130]
| Question | Answer | Citation |
|---|---|---|
| Who’s covered? | Businesses meeting thresholds + CA residents | § 1798.140 |
| Can consumers opt out of sale? | Yes, must honor | § 1798.120 |
| Response deadline? | 45 days (extendable +45) | § 1798.130 |
| Private lawsuits allowed? | Only for data breaches | § 1798.150 |
| Sensitive data rules? | Opt-in or “Limit Use” option | § 1798.121 |
| Who enforces? | CPPA, Attorney General | § 1798.155 |
Regulation Map (All Chunks)
Definitions
Requirements
- CCPA: Business Obligations
- CCPA: Consumer Rights
- CCPA: Opt-Out of Sale and Sharing
- CCPA: Sensitive Personal Information
- CCPA/CPRA: Service Provider and Contractor Requirements