As Mr. Chhabra explained, there's a continuum of the privacy-enhancing nature of the state of a piece of information. On one end is anonymization, which essentially renders it incapable of being able to reidentify the individual, and then, on the other end, it would be fully declarable. I don't know what the right term is, but it's essentially understood who the individual is.
The goal is to create a continuum of likely states of information and recognize their existence in a commercial context, which the CPPA will regulate, ensure that appropriate safeguards are placed along each stage of the continuum and then potentially encourage the usage of information in those states with the appropriate safeguards in place at each stage.