Search for:

In brief

The California Privacy Rights Act of 2020 (CPRA) introduces sweeping changes to the California Consumer Privacy Act of 2018 (CCPA), most of which will become operative as of 1 January 2023 with a “look back” to 1 January 2022.

Some key revisions include:

  • A new definition of “sensitive personal information” and detailed obligations regarding the processing of sensitive personal information for non-essential purposes;
  • A new and counterintuitive definition of “sharing” personal information and related restrictions aimed at the digital advertising industry;
  • New data subject rights to correct inaccurate information, limit the processing of sensitive personal information, and opt out of “sharing” personal information and the use of automated decision-making technology;
  • New requirements to include data protection and processing terms in contracts with data recipients and vendors;
  • New requirements regarding what privacy notices must include and how they must be furnished to data subjects; and
  • The establishment of a new privacy authority, the California Privacy Protection Agency.

Baker McKenzie Partner Lothar Determann and Associate Jonathan Tam recently published a paper in the Journal of Data Protection and Privacy summarizing some of the key revisions that CPRA makes to CCPA and offering practical recommendations on how companies subject to the law must comply. The revised CCPA is just one of myriad privacy laws that companies must take into account when doing business in California. The paper reflects the authors’ opinions only.

Click here to read the full paper.


Lothar Determann has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto. He is a member of the Firm's International/Commercial Practice Group and the TMT and Healthcare industry groups.


Jonathan Tam is an associate in Baker & McKenzie´s Toronto office. He advises clients on regulatory compliance, with experience in the areas of global privacy, information technology, cyberlaw, international trade and commerce, intellectual property and telecommunications. He has co-authored multiple publications focusing on accountability in the privacy context, and routinely coordinates multijurisdictional projects aimed at ensuring that clients’ global operations safely comply with applicable local requirements.