anonym.legal

By · Last updated 2026-06-05

Rudi kwa BlogGDPR & Ufuatiliaji

CCPA/CPRA 2025: Sheria ya Faragha ya AI ya California

CPPA ilitoa faini zaidi ya dola milioni 100 mwaka 2024. CPRA inashughulikia Wakalifornia milioni 40 na inatumika kimataifa kwa biashara nyingi. Kategoria 19 za data nyeti, na maamuzi otomatiki.

June 5, 202610 dakika kusoma
CCPA CPRACalifornia privacy lawCPPA enforcementUS state privacyAI compliance

CCPA/CPRA: Mwongozo wa Sheria ya Faragha ya California

Imesasishwa kwa 2026.

Sheria ya Haki za Faragha ya Watumiaji ya California (CPRA) ilianza kutumika mwaka 2023. Ilianzisha Shirika la Kulinda Faragha la California (CPPA). CPPA ni msimamizi wa kwanza wa faragha wa jimbo nchini Marekani. Mwaka 2024, CPPA ilitoa faini zaidi ya dola milioni 100. Hii ni utekelezaji hai — si kanuni ya karatasi.

Nani Lazima Azingatie

Majaribio matatu yanabainisha ikiwa sheria inatumika. Biashara lazima ikidhi mojawapo yao.

  • Mapato ya kila mwaka ya dola milioni 25 au zaidi.
  • Data ya kibinafsi kutoka kwa watumiaji 100,000 au zaidi wa jimbo.
  • Zaidi ya 50% ya mapato kutoka kuuza taarifa za kibinafsi.

Jimbo lina wakazi milioni 40. Ni uchumi wa tano kwa ukubwa duniani. Makampuni mengi ya kimataifa yanakidhi jaribio moja angalau.

Kategoria 19 za Data Nyeti

Sheria inaunda safu maalum kwa maelezo nyeti ya kibinafsi. Makampuni lazima yape watumiaji taarifa za ziada na haki ya kupunguza matumizi. Aina 19 ni:

  1. Nambari za Usalama wa Jamii, leseni ya kuendesha gari, kitambulisho cha jimbo, pasi
  2. Nambari za akaunti za fedha au kadi zenye nambari za ufikiaji
  3. Eneo sahihi la kijiografia (ndani ya mita 1,852)
  4. Asili ya rangi au kabila
  5. Imani za kidini au za falsafa
  6. Uanachama wa muungano
  7. Maudhui ya barua pepe au barua za posta za kibinafsi
  8. Taarifa za vinasaba
  9. Rekodi za biometric kwa utambulisho
  10. Rekodi za afya au matibabu
  11. Mwelekeo wa ngono au maisha ya ngono
  12. Hali ya uhamiaji (iliongezwa mwaka 2024)
  13. Rekodi za afya ya akili (iliongezwa mwaka 2024)
  14. Hali ya uraia
  15. Nambari za akaunti za fedha bila nambari za ufikiaji
  16. Hali ya ulemavu
  17. Viashiria vya hali ya ajira
  18. Taarifa za sera za bima
  19. Rekodi za uhalifu au kukamatwa

Kwa kila kategoria, watumiaji wanaweza kupunguza jinsi biashara inavyoitumia na kuishiriki. Haki hii ni tofauti na haki ya jumla ya kujiondoa kwenye mauzi.

Kile CPPA Ilicholilenga Mwaka 2024

Hatua za CPPA za 2024 ziliangukia maeneo manne.

Usajili wa madalali wa data. Jimbo linahitaji madalali wa data kusajiliana na CPPA. Shirika lilipata madalali mamia ambao hawakusajiliwa wakiuza wasifu wa watumiaji.

Zana zisizofanya kazi za kujiondoa. Majukwaa mengi ya idhini hayakutoa kujiondoa halisi. Kitufe hakikufanya kazi, au kujiondoa kulishughulikia matumizi machache tu.

Maamuzi ya AI bila taarifa. Kanuni za AI za 2025 zinahitaji taarifa zana otomatiki zinapofanya maamuzi muhimu. Ajira, mkopo, na makazi yote yanashughulikiwa. Kesi kadhaa za 2024 zililenga zana za AI zilizotumika bila taarifa hii.

Rekodi za watoto. Kanuni ya Muundo Inayofaa kwa Umri ya California inatumika kwa huduma yoyote ambayo vijana wanaiwezekana kutumia. Makampuni hayo lazima yakamilishe Tathmini ya Athari ya Kulinda Data. CPPA iligundua makampuni mengi hayakufanya hili.

Sheria ya Jimbo dhidi ya GDPR: Tofauti Muhimu

Uzingatiaji wa GDPR haukufuniki California. Sheria zinashiriki malengo lakini zinatofautiana kwenye mambo muhimu.

Kujiondoa dhidi ya kuingia. GDPR inahitaji idhini ya kuingia kwa matumizi mengi ya data nyeti. Sheria ya jimbo inatumia mfano wa kujiondoa. Usindikaji unaruhusiwa hadi mtumiaji anapinga.

Haki za watumiaji. Sheria zote mbili zinatoa haki za upatikanaji, ufutaji, na urekebishaji. Sheria ya jimbo inaongeza haki ya kujiondoa kwenye maamuzi otomatiki. GDPR Kifungu 22 kinashughulikia hili pia, lakini kwa upeo mdogo.

Rekodi za wafanyakazi. Sheria ya jimbo inashughulikia maelezo ya kibinafsi ya wafanyakazi kikamilifu. GDPR pia, lakini nchi wanachama wa EU zina sheria zao za ajira. Faragha ya wafanyakazi katika jimbo mara nyingi inahitaji njia yake ya uzingatiaji.

Aina nyeti. Aina 19 za jimbo zinafanana kwa sehemu na GDPR Kifungu 9. Hali ya uhamiaji na nambari za akaunti zinazosimama peke yao ni mahususi kwa jimbo.

Angalia mwongozo wa uzingatiaji wa kisheria kwa jinsi wajibu huu unavyokusanywa.

Mahitaji ya Wasambazaji wa AI

Kanuni za AI za 2025 zinaunda wajibu wazi kwa makampuni yanayotumia zana za AI kwenye rekodi za watumiaji.

Mikataba ya wasambazaji. Watoa huduma lazima wasaini makubaliano ya maandishi. Makubaliano lazima yashughulikie mambo manne. Kwanza, tumia rekodi kwa madhumuni yaliyotangazwa tu. Pili, futa rekodi wakati huduma inaisha. Tatu, shiriki maombi ya haki za watumiaji. Nne, weka usalama wa kutosha.

Taarifa ya maamuzi otomatiki. Ikiwa zana ya AI inasaidia kuamua kuhusu mkopo, udanganyifu, au ajira — watumiaji lazima waambiwe. Lazima pia wapate kujiondoa.

Mipaka ya mafunzo ya AI. Ikiwa rekodi za watumiaji zilifunza mfano wa AI, mfano huo una mipaka. Hauwezi kutumika kwa madhumuni yanayokinzana na sababu ya asili ya ukusanyaji.

Kiuamuzi cha moja kwa moja kwa timu nyingi: ondoa vitambulisho vya kibinafsi kabla rekodi hazijaingia mfumo wowote wa AI. Hii inakidhi kanuni za maamuzi ya AI na kupunguza hatari ya aina nyeti kwa wakati mmoja.

Jifunza jinsi anonym.legal inavyoondoa vitambulisho kabla ya usindikaji wa AI katika /security-compliance.

Mambo Muhimu

Sheria ya jimbo inashughulikia makampuni mengi ya kimataifa yenye wateja katika jimbo. Inaongeza aina 19 nyeti, shirika hai la utekelezaji, na kanuni za taarifa za AI. Uzingatiaji wa GDPR hauchukui nafasi ya uzingatiaji wa jimbo. Hatua iliyo wazi zaidi: ondoa vitambulisho vya kibinafsi kabla rekodi hazijaingii zana za AI.

Soma kuhusu upunguzaji wa data katika /docs/faq.

Vyanzo

  • CPPA: Shirika la Kulinda Faragha la California. cppa.ca.gov.
  • Maandishi kamili ya Sheria ya Haki za Faragha ya California (CPRA). leginfo.legislature.ca.gov.
  • CPPA: Kanuni za Teknolojia ya Kufanya Maamuzi Otomatiki 2025. cppa.ca.gov.
  • Kanuni ya Muundo Inayofaa kwa Umri ya California. leginfo.legislature.ca.gov.

Makala Zinazohusiana

GDPR & Ufuatiliaji

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR & Ufuatiliaji

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR & Ufuatiliaji

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

Tayari kulinda data yako?

Anza kuanonymisha PII na aina 285+ za vitu katika lugha 48.

Anza Jaribio la BureTazama Vipengele

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.