Continue your mission
California consumer privacy rights including rights to know, delete, opt out of sale, and non-discrimination, with CPRA amendments expanding to correction and sensitive data limits.
The California Consumer Privacy Act (CCPA) establishes specific rights for California residents regarding their personal information collected by businesses meeting defined thresholds. These rights include the right to know what data is collected, the right to delete personal information, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising privacy rights.
The right to know requires businesses to disclose, upon verifiable consumer request, the categories and specific pieces of personal information collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom information is shared. The right to delete obligates businesses to erase personal information upon request, with exceptions for completing transactions, detecting security incidents, legal compliance, and internal uses consistent with consumer expectations. The right to opt out requires a clear "Do Not Sell My Personal Information" link on websites, with businesses honoring opt-out signals including the Global Privacy Control (GPC) browser signal. Businesses must respond to consumer requests within 45 days (extendable by 45 days with notice). The CPRA amendments added the right to correct inaccurate information, the right to limit use of sensitive personal information, and expanded opt-out rights to cover sharing for cross-context behavioral advertising.
CCPA applies to any business with California consumers meeting revenue ($25 million), data volume (100,000+ consumers/households), or data sale revenue (50%+ from selling personal information) thresholds. The California Attorney General and the California Privacy Protection Agency actively enforce CCPA, with penalties of $2,500 per unintentional violation and $7,500 per intentional violation. CCPA established the model that over a dozen US states have since followed with their own comprehensive privacy laws, making CCPA compliance a practical baseline for US-wide privacy operations.
CDA maps CCPA consumer rights to the Data Protection and Sovereignty domain within C-BUILD campaigns. Our missions implement request intake systems, establish verification procedures, build automated fulfillment workflows for each right, and create compliance documentation that satisfies California Privacy Protection Agency audit requirements.
CDA Theater missions that address topics covered in this article.
Technical requirements for complying with California's privacy laws, including data mapping, consumer rights, and security obligations.
The CCPA is California's landmark privacy law granting consumers rights over their personal data and imposing obligations on businesses that collect it.
Written by CDA Editorial
Found an issue? Help improve this article.