iNo.
The CPRA created a new sub-category of personal information that it labels “sensitive personal information.” [1] The sub-category is comprised of twenty specific data fields which include, among other things, the religious beliefs, racial origin, precise geolocation, or sexual orientation of a consumer. Beginning on January 1, 2023, if a business collects sensitive personal information and the business uses or discloses the sensitive personal information in a way that is not specifically authorized by the statute, the business will be required to post a “Limit the Use of My Sensitive Personal Information” link on their homepage.[2] If a business does not collect sensitive personal information, or collects such information but only uses it as contemplated by the statute (e.g., as is necessary and reasonably expected to provide products or services requested by a consumer) the business will not be required to post such a link.
[1] CPRA, 1798.140(ae).
[2] CPRA, 1798.135(a)(2).
