Request a demo
Test your compliance
Login to console


Get ready for the California Privacy Rights Act (CPRA)

Learn about the main impact of the law on your business and digital activities, and how Didomi can help ensure compliance.

Request a demo Download the checklist
What to expect?

July 2023: California Privacy Rights Act (CPRA) enforcement begins. 

Consumers will now have the right to:
  • Opt-out of selling or sharing personal information, including third-party ad cookies

  • Access, correct and delete their personal data, with third-party notifications

  • Be informed of personal data retention periods and/or criteria

  • Opt-in is needed for Sensitive Personal Information (including geolocation)
Businesses have new obligations:

  • Display a notice to inform the user of personal information collection

  • Provide users with a way to exercise their rights (accepting and processing Data Subject Requests)

  • Keep data collected to a minimum, and limit purposes for collection

  • Carry out risk assessments and fulfill cybersecurity requirements
Risks are both financial and reputational:
  • Fines up to $7,500 per intentional violation / per impacted user = potentially millions

  • Fines up to $2,500 per non intentional violation

  • Reputation, loss of transparency and trust (40% of consumers would switch brands after a negative privacy experience SOURCE)

  • With CPRA, there is no longer a 30 day grace period to correct violations after notification


What is the digital impact of opt-out with CPRA?

41 (77) (1)
41 (76) (1)

CPRA - Measurement

Opt-out: impact on analytics

You cannot measure analytics performance (sessions/sales).

You cannot share data with your MarTech ecosystem.

Important: server-side tracking is not exempt. You’ll need to calculate performance more holistically with data modelling.

Add a little bit of body text (2)

CPRA - Marketing

Opt-out: impact on media performance

You cannot run remarketing audiences

You cannot  track conversions (lower in-platform performance, lower data points for AI optimization).

If you are a site publisher, you won't be able to maximize your advertising revenue.

Post-September 2023 (1)


Opt-out: impact on user experience

Harder to map out the customer journey.

Loss of trust (i.e., user refuses tracking but ends up getting targeted ads, has trouble accessing data, etc).

Bounce (i.e., user is put off by confusing or un-engaging privacy notice and leaves the site).

41 (81)

Didomi helps you manage requirements for CPRA and privacy laws worldwide.41 (62)


Consent management

Ensure the right to opt-out and collect user consent in all countries and devices.

Create privacy notices that reflect your brand while easily managing data providers and purposes. 

Generate proof of consent in case of audit or complaint.

Measure and optimize your consent rate with advanced Analytics.

Detect, apply and respect Global Privacy Control (GPC).


Easy fulfillment of Data Subject Access Requests

Privacy Requests 

No more manual handling of requests.

Intuitive processes for both site users and your own team.

Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.


Tag governance: privacy breach detection

Advanced compliance monitoring

Monitor and manage tracking pixels and other tags used on your websites.

Protect sensitive user data and ensure transparency around data collection and usage.

1 9

They trust us


41 (51)


Have questions about the impact of CPRA on your business, agency or consulting firm?


Our expert Joshua Revan will be happy to help you.

Request a demo