Everyone in the ad tech industry should have January 1, 2023, highlighted and underscored—twice—on their calendars. That’s the day that both the Virginia Consumer Data Protection Act (CDPA) and the California Privacy Rights Act (CPRA) take effect, imposing new obligations on businesses engaging in targeted advertising to Virginia and California consumers.
The two laws have some things in common. Both, for example, will require businesses to provide opt-out rights for behavioral advertising. But advertisers should be aware of the key differences between the two laws. These start with the fact that the CDPA’s terms appear to be more flexible and include broader exceptions, which should simplify companies’ efforts to comply with both the CPRA and CDPA.
But there’s more to it than that. Let’s take a look at how the laws differ.