• California Privacy Laws •
California is the most privacy-protective state in the US. Here's a plain-English breakdown of the laws that give you real power over your data.
Why California?
The California Constitution explicitly guarantees a fundamental right to privacy. That's not a law — it's in the state's founding document. California has built on that foundation with some of the most comprehensive consumer privacy laws anywhere in the United States, and many of them specifically protect you as a young person.
Because California is so large and influential, many of these protections have ripple effects nationwide — companies often apply California rules to all their users because it's easier than building separate systems.
The Laws Explained
Here are the key laws protecting your data, broken down into plain language.
The landmark law that first gave California consumers broad privacy rights. It applies to for-profit businesses that collect personal data from California residents and meet certain thresholds (size or revenue). Under the CCPA, you have the right to know what data is collected, request deletion, and opt out of the sale of your data.
The CPRA expanded the CCPA significantly. It created a new state agency — the California Privacy Protection Agency — dedicated solely to enforcing privacy law. It also added new rights and tightened rules around "sensitive personal information."
Specifically designed to protect minors online, this law requires companies to design products with children's wellbeing in mind. Any online service "likely to be accessed by children" must follow strict rules — even if it's not specifically a kids' app.
Requires commercial websites and online services that collect personal information from California residents to post a clear, conspicuous privacy policy. This was one of the first laws in the US to require privacy policies — and it set a national standard.
Protects your digital communications from government access. Law enforcement must obtain a warrant before accessing your emails, texts, location data, or device contents. This is stronger than federal law.
Know Your Rights
The CCPA and CPRA together give you these six enforceable rights with companies that operate in California.
You can ask a business what personal information it has collected about you, where it came from, how it's used, and who it's shared with. Businesses must respond within 45 days.
You can request that a business delete your personal information. They must also tell their service providers to delete it. Some exceptions apply (like if they need it to complete a transaction).
You can tell businesses not to sell or share your personal data. Look for "Do Not Sell or Share My Personal Information" links on websites, or use a browser with Global Privacy Control (GPC) enabled.
If a company has wrong information about you — your address, name, or anything else — you can request that they fix it.
For sensitive personal information (health data, precise location, racial/ethnic origin, sexual orientation), you can limit how businesses use and disclose it.
A company cannot deny you service, charge you more, or give you a worse experience just because you exercised your privacy rights.
Take Action
Knowing your rights is step one. Here's how to use them in practice.
Look at the bottom of any website for "Privacy Policy" or "Do Not Sell My Personal Information." By law, California-covered businesses must have these links visible.
Most large companies have an online form to request a copy of your data. You may need to verify your identity. The company has 45 days to respond. Look for "Data Access Request" or "Privacy Request Form" on their site.
Use the same privacy form to submit a deletion request. The company must delete the data they hold about you and notify their service providers. Note: they can refuse if keeping it is required by law or for a legitimate business reason.
GPC is a browser signal that automatically tells every website you visit not to sell or share your data. It's legally recognized under California law. Browsers like Brave, Firefox (with extension), and DuckDuckGo support it. Once enabled, you don't have to opt out site by site.
If a business ignores your request or violates your rights, you can file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's office. Companies can face fines of up to $7,500 per intentional violation.