I
Impetora
Regulation

CCPA + AI

The California Consumer Privacy Act (CCPA), as amended by the CPRA, applies to AI systems that process personal information of California residents and grants rights including access, deletion, and opt-out of automated decision-making.

What is CCPA + AI?

The CCPA gives California residents rights similar in spirit to GDPR, with notable differences in scope (commercial activity threshold, sale and sharing definitions). The CPPA's 2024 automated decision-making rules add specific obligations for systems making 'significant decisions' about consumers, including pre-use risk assessments, transparency notices, and access and opt-out rights.

How does CCPA + AI apply to enterprise AI?

US enterprises with California customers and AI-driven decisions must publish ADM disclosures, support opt-out and access requests, and document risk assessments. Many vendors design once for GDPR and reuse the controls for CCPA with minor adaptations.

Related terms

Regulation

GDPR

The General Data Protection Regulation (GDPR) is the EU's data-protection regulation, governing the processing of personal data of people in the EU and EEA.
Governance

Transparency Notice

A transparency notice is a clear disclosure to users that they are interacting with an AI system, what it is doing with their data, and what its limits are.
Governance

AI Risk Management

AI risk management is the discipline of identifying, assessing, mitigating, and monitoring the harms an AI system can cause across its lifecycle.

External references

Impetora

Need help applying CCPA + AI to your enterprise? Submit a short brief and we reply within one business day.

Submit a projectBack to glossary
Discovery call

Book a discovery call

Tell us what you would like to build. We reply within one business day.

30-minute call. Free of charge. No obligation.