California Consumer Privacy Act (CCPA)

What is the CCPA?

Everything you need to know about cookies, consent and CCPA!

CCPA came into effect on January 1st, 2020

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a Data Privacy law meant to enhance privacy rights and consumer protection for residents of California, United States.

The CCPA regulates how businesses may collect, share and process personal information (PI) of Californian residents.

The new law, effective of January 1st 2020, is a result of an increased role of personal information in contemporary business practices and the personal privacy implications surrounding the collection and processing (use of) consumers’ personal information.

Failure to comply with the CCPA may result in penalties of up to $7500 for each violation and $750 for each affected user in civil damages.

Table of Contents

Checklist to comply with the CCPA

ccpa-popup

Who does the CCPA apply to?

$ 1 m
If your company has an annual gross revenue above $25 million
1 K
Buying, selling or sharing personal information of more than 50,000 customers, households or devices
1 %
More than 50% of annual revenue is derived from selling California consumers' personal information

Consumer rights under the CCPA

Five central CCPA consumer rights
  • Right to notice
  • Right to access
  • Right to opt-out
  • Right to delete
  • Look back requirements

The CCPA requires you to inform your users (consumers) at the point of - or before - the collection of their personal information.

You must describe which categories of personal information you collect and what the data is used for (purpose). Furthermore, you must include a description of consumer rights and how to exercise those rights in your privacy policy.

Your users have the right to request access to the personal information your business stores about them.

As a business, you are required to provide the necessary information collected.

Your users have the right to opt-out of the sale of their personal information (also to a third party).

You are required to implement a “Do Not Sell” link on your website and in your privacy policy. This way, your users can easily opt-out of personal data collection.

Your users can request to have their personal information deleted. If they do, you must meet their request.

Personal information, under the CCPA is: name, postal address, email address, account name, driver’s license number, passport number, and other data that can identify your user.

If one of your users (consumer) requests access to their personal information, you are required to provide a detailed record for the past 12 months (at the time of the request).

CCPA VS GDPR

Contrary to the General Data Protection Regulation, which is a European law that focuses mainly on complete privacy of the user of a website by default, the CCPA is more based on the idea of transparency and being able to opt-out.

The CCPA also needs to be informative about the data transfers and previously sold user-information from the past 12 months.

How can we help your business?

Get a 30-day free trial to Cookie Information’s CCPA consent solution to comply with the California Consumer Privacy Act.

Where to start with cookies?

Join our webinars about compliance in the Nordics