July 2023: California Privacy Rights Act (CPRA) enforcement begins.
- Opt-out of selling or sharing personal information, including third-party ad cookies
- Access, correct and delete their personal data, with third-party notifications
- Be informed of personal data retention periods and/or criteria
- Opt-in is needed for Sensitive Personal Information (including geolocation)
- Display a notice to inform the user of personal information collection
- Provide users with a way to exercise their rights (accepting and processing Data Subject Requests)
- Keep data collected to a minimum, and limit purposes for collection
- Carry out risk assessments and fulfill cybersecurity requirements
- Fines up to $7,500 per intentional violation / per impacted user = potentially millions
- Fines up to $2,500 per non intentional violation
- Reputation, loss of transparency and trust (40% of consumers would switch brands after a negative privacy experience SOURCE)
- With CPRA, there is no longer a 30 day grace period to correct violations after notification
What is the digital impact of opt-out with CPRA?
CPRA - Measurement
Opt-out: impact on analytics
You cannot measure analytics performance (sessions/sales).
You cannot share data with your MarTech ecosystem.
Important: server-side tracking is not exempt. You’ll need to calculate performance more holistically with data modelling.
.png)
CPRA - Marketing
Opt-out: impact on media performance
You cannot run remarketing audiences.
You cannot track conversions (lower in-platform performance, lower data points for AI optimization).
If you are a site publisher, you won't be able to maximize your advertising revenue.
CPRA - UX
Opt-out: impact on user experience
Harder to map out the customer journey.
Loss of trust (i.e., user refuses tracking but ends up getting targeted ads, has trouble accessing data, etc).
Bounce (i.e., user is put off by confusing or un-engaging privacy notice and leaves the site).
Didomi helps you manage requirements for CPRA and privacy laws worldwide..svg)
ANY DEVICE, ANY ENVIRONMENT
Consent management
Ensure the right to opt-out and collect user consent in all countries and devices.
Create privacy notices that reflect your brand while easily managing data providers and purposes.
Generate proof of consent in case of audit or complaint.
Measure and optimize your consent rate with advanced Analytics.
Detect, apply and respect Global Privacy Control (GPC).

Easy fulfillment of Data Subject Access Requests
Privacy Requests
No more manual handling of requests.
Intuitive processes for both site users and your own team.
Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.

Tag governance: privacy breach detection
Advanced compliance monitoring
Monitor and manage tracking pixels and other tags used on your websites.
Protect sensitive user data and ensure transparency around data collection and usage.