[10][12] Additionally, the EU’s passage of the General Data Protection Regulation (GDPR) in 2018 spurred greater interest in adopting a similar measure in the US.

[12] He later came to an agreement with Californian lawmakers to pass a scaled back version of the CCPA which was ultimately signed into law by Governor Brown.

[13] Most notably, the CPRA altered the criteria that subjects a business to its rules and established the California Privacy Protection Agency to take the lead on enforcement of the CCPA.

[15] The CPRA also altered the CCPA to apply to businesses buying, selling, or sharing personal information of 100,000 or more consumers compared to the previous 50,000 or more.

The act applies to businesses meeting any of the three following criteria: (1) have $25 million in annual gross revenue in the preceding year (2) buys, sells, or shares the personal information of 100,000 or more consumers or households (3) businesses whose majority of revenue (50% or more) is earned from selling or sharing personal consumer information.

[11][17] The ability to revoke consent for a business to sell or share a consumer's information through easily accessible tools is an integral part of the CPRA's modification of the CCPA.

[17] This right essentially permits Californian consumers to require businesses to stop selling their information, thereby preventing the kinds of misuse and unknown sales of personal data that spurred the creation of the CCPA.