CPRA AI Provisions
View Law TextMaximum Fine
$7,500 per violation
Scope
California Businesses
Regulator
CPPA
Effective Date
January 1, 2023
Need Help with CPRA AI Provisions Compliance?
California Privacy Rights Act Artificial Intelligence Regulations
Get Expert HelpOverview
The California Privacy Rights Act includes specific provisions governing automated decision-making technology and profiling, requiring businesses to provide meaningful information about the logic involved and allow consumers to opt-out of automated processing.
Key Facts
- Requires disclosure of automated decision-making
- Mandates opt-out rights for profiling
- Enforces transparency in AI logic
- Protects against discriminatory AI use
- Requires regular AI impact assessments
Key Principles
AI Transparency
Requirements for transparent AI systems
Requirements
- Clear disclosure of AI use
- Explanation of decision logic
- Impact of automated decisions
- Consumer rights notification
- Documentation of AI systems
Examples
- Privacy policy AI sections
- Decision logic documentation
- Impact assessment reports
- Consumer notices
- System documentation
Consumer Rights
AI-related rights for consumers
Requirements
- Right to opt-out of profiling
- Access to AI decision information
- Right to correct AI decisions
- Right to human review
- Non-discrimination protections
Examples
- Opt-out mechanisms
- Information request processes
- Correction procedures
- Human review protocols
- Non-discrimination policies
Risk Assessment
AI risk evaluation requirements
Requirements
- Regular impact assessments
- Risk mitigation measures
- Monitoring procedures
- Documentation requirements
- Review processes
Examples
- Assessment documentation
- Mitigation plans
- Monitoring reports
- System documentation
- Review records
Compliance Requirements
AI Disclosure Requirements
Mandatory AI system disclosures
Implementation Steps
- Identify AI systems in use
- Document decision logic
- Prepare consumer notices
- Implement opt-out mechanisms
- Maintain documentation
Required Documentation
- AI system inventory
- Logic documentation
- Consumer notices
- Opt-out records
- System documentation
Impact Assessments
Required AI impact evaluations
Implementation Steps
- Conduct risk assessments
- Evaluate potential impacts
- Document findings
- Implement controls
- Regular reviews
Required Documentation
- Assessment reports
- Impact evaluations
- Control documentation
- Review records
- Mitigation plans
Rights Management
Consumer rights handling
Implementation Steps
- Process opt-out requests
- Handle information requests
- Manage corrections
- Provide human review
- Document responses
Required Documentation
- Request logs
- Response records
- Correction documentation
- Review records
- Process documentation
Enforcement & Penalties
Administrative Enforcement
Enforcement by the California Privacy Protection Agency
Penalty Categories
Intentional Violations
$7,500 per violation
For intentional violations or violations involving minors
General Violations
$2,500 per violation
For general violations of AI provisions
Non-Compliance
Varies
Additional penalties for ongoing non-compliance
Example Cases
Automated Decision-Making Violation
$7,500 per incident
2023 - Failure to provide opt-out mechanisms
Disclosure Violation
$2,500 per incident
2023 - Inadequate AI system disclosure