Compare state privacy laws

Pick 2–4 states. See thresholds, rights, cure periods, and penalties side-by-side — with the strictest requirement highlighted on each row.

Pick 2–4 states (2 selected)
Click to add or remove.
CA
California
CCPA / CPRA
TX
Texas
TDPSA
Effective
2020-01-01
2024-07-01
Consumer threshold
100,000+
or $25M+ revenue
Strictest
Revenue-based
Most lenient
Cure period
None
Strictest
30 days
Most lenient
Honor GPC signal
Required
Strictest
Required
Strictest
Max penalty / violation
$7,500
$7,500
Response deadline
45 days
45 days
Data protection assessment
Required
Strictest
Required
Strictest
Vendor agreements
Required
Strictest
Required
Strictest
Enforced by
California Privacy Protection Agency (CPPA) and Attorney General
Texas Attorney General

Consumer rights

Access
Yes
Yes
Correction
Yes
Yes
Deletion
Yes
Yes
Portability
Yes
Yes
Opt out of sale
Yes
Yes
Opt out of sharing
Yes
Opt out of targeted ads
Yes
Yes
Opt out of profiling
Yes
Limit sensitive data use
Yes
Non-discrimination
Yes
List of third parties
Read full CCPA / CPRA guide →Read full TDPSA guide →
Strictest of the selected statesMost lenient of the selected states
Not sure which laws apply to your store?

Run a free 60-second compliance check across all U.S. state privacy laws.

Check my compliance →