1. Knowledge base
  2. Regulation updates

January 2023 - CPRA and VCDPA

On January 1st, 2023, new data protection laws and regulations will enter into force in California and Virginia.


Previously in California, consumer rights and business obligations were defined by the California Consumer Privacy Act, also known as CCPA (which went into effect January 1st, 2020). California Privacy Rights Act, also known as CPRA or Proposition 24, amends and expands CCPA. 

CCPA addressed the necessity to provide a clear and easily accessible for consumers link on the homepage, titled “Do not sell my personal information”, which is supposed to link a consumer to a page where they could opt out of the sale of their personal information. A description of consumer rights and a separate “Do not sell my personal information” link should have also been added to an online privacy policy and/or any specific description of consumers’ privacy rights. All of these apply to businesses subject to CCPA that sell consumers’ personal information to third parties. 

CPRA expands this right by allowing consumers to limit both sales and sharing of their personal information. Businesses are now required to provide a clear link on the homepage titled “Do not sell or share my personal information” which will lead a consumer to an internet web page where they could opt out of selling or sharing their personal information with third parties. 

In addition to this, businesses processing sensitive personal information are now required to provide a similar link on their homepage titled “Limit the use of my sensitive personal information”. If your business processes sensitive personal information and you would like to enable this request type for your privacy widget we have added this request type to “Requests”. 


You may provide a single link instead of two when your business needs to provide both. In this case, you should provide an easily accessible for customers link at your business internet homepage that allows consumers to exercise their rights and submit a request. 

To find out more about how to configure an easily accessible footer link to the Clym privacy widget on your website, please review our guideline

For more information on how to change your widget’s layout click here.



Virginia has become the second state to enact data privacy law similar to the European data protection framework. The Virginia Consumer Data Protection Act, also known as the VCDPA or CPDA, also became effective on January 1st, 2023. 


Make sure that the Clym privacy widget is easily accessible for your customers on your website, if you wish to add a link allowing your customers to easily access the Clym privacy widget, please review our step-by-step guidelines on how to do it. 


VCDPA businesses are not required to provide a “Do not sell my personal information link” to opt out of their data selling or sharing, however, consumers are provided with several rights, including a right to opt out of their data processing for purposes of targeting advertisement and profiling. Businesses are expected to provide information about consumers’ rights and how to exercise them in a Privacy Notice or similar page. 

If you have not installed the Clym privacy widget on your website yet, and need an installation guideline, click here

If you encounter any challenges, please reach out to us at support@clym.io.