Achieve CCPA compliance and gain consumer trust
Implement all your CCPA compliance requirements under one roof. Display opt-out notice, ‘Do not sell’ link and generate privacy disclosures.
The #1 cookie consent solution, trusted by 1.4 Million+ websites
What is CCPA?
The California Consumer Privacy Act (CCPA) is data privacy legislation that applies to businesses that process the personal data of California residents. Effective January 1, 2020, CCPA provides individuals control over the personal data that businesses collect about them.
Who does CCPA
apply to?
The CCPA applies to for-profit businesses that collect, share, or sell the personal information of California residents and fit any of the criteria.
$25M
Has annual gross revenues over $25 million
50K
Process personal information of 50,000 or more consumers, households, or devices
50%
Earns more than 50% of annual revenue from the sale of personal information
CCPA Compliance Checklist for Websites
Display CCPA opt-out notice to respect the user’s right to opt-out
Add a clear and conspicuous “Do Not Sell My Personal Information” link
Include an up-to-date and accessible privacy policy and cookie policy
Meet CCPA Compliance Requirements with CookieYes
Implement ‘Do not sell’ opt-out notice
The CCPA requires businesses to respect the consumer’s right to opt-out of the sale of their personal information to third parties. This includes data collected through cookies. With CookieYes you can
Comply with GDPR and CCPA regulations
If your website has visitors from both US and the EU, then it is important to comply with both laws. Businesses are required to display an opt-out notice for CCPA and a cookie consent banner for GDPR. With CookieYes, you can
Add a privacy policy
Under CCPA, businesses should include an up-to-date privacy policy on their website. It should describe what personal information is collected, the data processors, the purpose of collection and description of consumer rights. With our privacy policy generator, you can
Create a cookie policy
Under the CCPA, businesses must include a disclosure about their use of cookies in their policies. It can either be included within the privacy policy or added as a separate disclosure. With our cookie policy generator, you can
Comply with CCPA and ever-evolving privacy laws in the US
What are consumer rights under CCPA?
Right to notice
The right to know about the personal information a business collects about them and how it is used and shared.
Right to deletion
The right to delete personal information that a business has collected from them.
Right to opt-out
The right to opt-out of the sale of their personal information by a business.
Right to non-discrimination
The right to not be discriminated against for exercising their consumer rights under CCPA.
What are the penalties for non-compliance with the CCPA?
Businesses can get civil penalties of up to $7500 for each intentional violation while each unintentional can amount to a fine of up to $2500. Businesses will have a 30-day cure period to rectify violations before the California Attorney General takes action.
CCPA provides a private right of action to consumers under limited circumstances if they suffer a data breach due to negligence from a business. Consumers can sue for the amount equal to the monetary damages they actually suffered from the breach or “statutory damages” of up to $750 per incident.
FAQ on CCPA Compliance
The California Consumer Privacy Act (CCPA) is a state-wide privacy regulation enacted in 2018. CCPA compliance applies to any for-profit entity doing business in California that collects, shares, or sells the personal information of California residents.
To be CCPA compliant, companies are required to meet certain standards for data collection and processing of any personal data that can be linked, associated, or related to Californians.
Help guide: How to use CookieYes for CCPA Compliance
No, the California Privacy Rights Act (CPRA) does not replace the CCPA but amends it. The CPRA is an expansion of the CCPA, as it modifies existing provisions and introduces additional requirements for businesses operating in California. The CPRA came into effect on January 1, 2023.
Read more: Complete Guide to CPRA
Under CCPA, personal information is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific consumer or household. CCPA maintains a broad definition of personal information but excludes de-identified/anonymized information from it.
Personal information can be identifiers such as name, identification number, IP addresses, biometric information or characteristics such as race, ancestry, religion, age, sex, sexual orientation, gender, medical condition etc.
Cookies and similar tracking technologies are classified as unique identifiers and can be considered personal information under CCPA. A unique identifier could directly or indirectly identify an individual consumer, family, or device over time and across services.
These identifiers can include IP addresses, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, and telephone numbers.
CCPA requires that users be able to opt out of the sale of personal information. This means the website should give users the choice to opt out of the use of cookies that are not strictly necessary, especially third-party cookies such as tracking cookies used for advertising.
CCPA requires businesses to disclose how they collect, use and retain personal information about California residents. Businesses are therefore required to maintain a CCPA-specific privacy policy that is available to the consumers.
A CCPA privacy policy should disclose what personal information is being collected about consumers, how it is being used, and with whom it is being shared. It should also detail the consumer’s rights as per CCPA and how they can exercise these rights.
CCPA applies to all for-profit organizations that process the information of California residents to offer goods or services. The law does not require the business to have a physical presence in California. In short, any business that deals with the personal data of California residents have to be CCPA compliant.
The CCPA law provides consumers with the right to opt out, i.e. the right to ask a business to stop selling their personal information. A CCPA-compliant opt-out mechanism should be accessible and transparent and should not require consumers to search or scroll through a privacy policy or similar document to perform an opt-out request.
Under the CCPA, the sale of personal information occurs when a business transfers the consumers’ information to another business or third party for financial gain. The definition includes any disclosure that involves the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means”.
Here are some links you can refer to for additional reading:
Fast-track your CCPA compliance with CookieYes
Set up your CCPA opt-out notice in 3 simple steps and get compliant easily.