Privacy Rights for CCPA Compliance
CCPA creates specific consumer rights regarding personal data and data privacy. These rights are similar to the rights established by the GDPR, though they only apply to California residents. Residents have the following new rights:
- The Right to Know
- Data subjects have the right to know what personal information is collected, used, shared, or sold, both as to the categories and specific pieces of personal information
- The Right to Delete
- Data subjects have the right to delete personal information held by businesses and their vendors
- The Right to Opt-Out
- Data subjects have the right to opt-out of the sale of their personal information and direct a company to stop selling their information. Children under the age of 16 must provide opt-in consent. Children under the age of 13 require the consent of a parent or guardian.
- The right to Non-Discrimination
- Data subjects have the right to non-discrimination when a consumer exercises privacy rights under the CCPA.
CPRA will introduce some entirely new concepts to data privacy in California. Here are a handful of GDPR concepts that will be added to the US privacy lexicon with CPRA:
- Right to Rectification
- Updating and adding to the consumer’s right to correct inaccurate personal information.
- Right to Restriction
- Granting consumers the right to limit the use and disclosure of their sensitive personal information.
- Sensitive personally identifiable information
- Not all personally identifiable information (“PII”) will be created equal with the new law. Certain types of information, like your Social Security Number, will carry a “sensitive” distinction.