While the United States is gearing up for new state privacy regulations coming into effect in 2023 (Virginia, Colorado, Utah), the first-ever comprehensive privacy law in the country – CCPA (California Consumer Privacy Act) – has been revised to include consumer rights under what is called the CPRA (California Consumer Privacy Rights Act).
You have probably heard of the CPRA by now; if you haven’t, here’s everything you need to know:
CPRA essentially works as an addendum to the CCPA. The CPRA will go into effect on January 1, 2023, and it will be enforceable starting on July 1, 2023.
While there are a few differences, especially with the addition of new consumer rights, the main changes revolve around the sharing of personal data and the introduction of the SPI category (Sensitive Personal Information), which includes precise geo-location.
Here’s a high-level comparison:
| | CCPA | CPRA |
|---|---|---|
| Business Size | For-profit businesses that collect personal information from California residents, determine the purposes in California and meet any of the following: | For-profit businesses that collect personal information from California residents, determine the purposes in California and meet any of the following: |
| Effective from | January 1, 2020 | January 1, 2023 |
| Consumer Rights | | All rights under the CCPA, plus: Amended right: |
| Personal Information Definition | “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. | Personal information, as well as “Sensitive Personal Information”, which includes information such as SSN, driver license numbers, biometric information, precise geolocation, and racial and ethnic origin. |
| Third Parties | “Service Provider” – an entity that processes personal information on behalf of a business pursuant to a written contract. | “Contractor” – an entity ‘to whom a business makes available a consumer’s personal Information for a business purpose pursuant to a written contract with the business’ |
| Enforcement | | |
| Definition – Sell vs. Share | “Sell” – for monetary or other valuable consideration | “Sell” – for monetary or other valuable consideration; “Share” – sharing by a business with a third party for cross-context behavioural advertising for the benefit of a business where no money is exchanged |
| Personal Information of Minors | Fines for violations involving the personal information of minors are the same as the fines for other types of personal information – $2,500 for each unintentional and $7,500 for each intentional violation | Automatic $7,500 fine for a violation involving the personal information of minors |
To become compliant with CPRA, app developers and publishers will need to:
We have been compliant with the CCPA since its release in January 2020, and we plan to do the same for the CPRA when it comes into effect on January 1, 2023.
We are making changes to our systems to consume the do_not_sell flags from our publisher customers so they can inform us when a user opts out. The same will be applicable for our mediation partners and supported header bidding solutions. This means that publishers will be able to send us an opt-out flag at the request level.
We will also provide a form on the InMobi Publisher Dashboard where publishers will be able to raise Data Subject Rights, including the CPRA rights.
In parallel, we are also expanding the scope of Data Subject Rights that we support, in line with CPRA requirements, which will be reflected in our CCPA privacy addendum.
We will notify our customers and work with them to start adopting the API.