Practise California Consumer Privacy Act and CPRA vocabulary: opt-out rights, sensitive personal information, and business classification.
0 / 5 completed
1 / 5
Under CCPA/CPRA, the right to 'opt out of the sale of personal information' means:
CCPA's opt-out right (GDPR uses opt-in for similar purposes). Businesses must provide a clear 'Do Not Sell or Share My Personal Information' link. CPRA extended this to also cover 'sharing' for cross-context behavioural advertising.
2 / 5
Under CPRA, 'sensitive personal information' includes which of the following?
CPRA created a new category of 'sensitive personal information' (SPI) with stronger protections: consumers can limit its use/disclosure. SPI includes government IDs, financial credentials, precise geo, health, genetic, biometric, union membership, immigration status, and sexual orientation/identity data.
3 / 5
A business qualifies as subject to CCPA if it meets which threshold?
CCPA thresholds ensure small businesses are exempt. For 2023+: the consumer threshold increased to 100,000 consumers/households. Businesses above any single threshold must comply — size doesn't require meeting all three.
4 / 5
The key difference between GDPR consent and CCPA opt-out is:
GDPR is opt-in (consent must be obtained first); CCPA is opt-out (businesses can process/sell until told not to). This is a fundamental legal architecture difference: GDPR assumes data protection is the default; CCPA assumes data use is the default until objected to.
5 / 5
Under CPRA, a 'service provider' is distinct from a 'third party' in that:
The service provider / third party distinction determines whether data sharing is a 'sale'. Sharing with a contracted service provider who can only use data to provide services is not a sale. Sharing with a third party who can use data for their own purposes may be a sale triggering opt-out rights.