CookieYes is a simple and intuitive cookie consent management tool that will help your website with CCPA compliance.
14-day free trial. No credit card required.
What is CCPA?
The California Consumer Privacy Act (CCPA) is data privacy legislation that applies to businesses that process the personal data of California residents. Effective January 1, 2020, CCPA provides individuals control over the personal data that businesses collect about them.
Are cookies personal data under CCPA?
Cookies and similar tracking technologies are classified as unique identifiers and can be considered as personal information under CCPA. A unique identifier could directly or indirectly identify an individual consumer, family, or device over time and across services.
These identifiers can include IP addresses, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, and telephone numbers.
CCPA compliance checklist for websites
- Scan your website to detect cookies and other trackers.
- Display a custom cookie banner to allow users to opt-in or opt-out of cookies.
- Add a ‘Do Not Sell My Information’ button on your cookie banner to allow users to opt out of the sale of their personal information.
CookieYes for CCPA compliance
Display a location-based, and responsive CCPA notice or cookie banner with an opt-out ‘Do Not Sell My Information’ button. Personalize it with custom content, design, layout, buttons, behaviour and branding.
Auto-block third-party cookies
Auto-detect and block third-party cookies and trackers on your website until users’ give consent through the notice. Support the DNT status of users’ browser settings and automatically block tracking cookies.
Store and record user preferences in the consent log and export them for proof of compliance. Document users’ consent (anonymized) as well as their consent modifications or changes, if any.
Use a single dashboard, no complicated coding, and integrate cookie banners on any CMS, for all your subdomains and comply with multiple data privacy regulations such as GDPR ePrivacy Directive, CCPA, LGPD, CNIL and so on.
Comply with both GDPR and CCPA with a geo-targeted banner. Display CCPA notice for users in the US, (or only for California users) and GDPR cookie consent banner for EU users. Get foolproof compliance irrespective of privacy laws in place.
What is a CCPA notice?
Under CCPA, individuals have the right to be notified about how businesses collect and use their personal information. Websites should display these notices on their website.
CCPA notice at collection should inform consumers about the categories and purposes of personal information a business collects about them at or before collecting their personal information.
CCPA notice of right to opt-out should inform consumers of their right to opt-out of selling their personal information through a prominent “Do Not Sell My Personal Information” or “Do Not Sell My Info” link.
CCPA notice for cookies from CookieYes
CCPA compliant cookie banner from CookieYes.
Frequently asked questions
Who does CCPA apply to?
The CCPA applies to for-profit businesses that collect, shares, or sells the personal information of California residents and fit any of the following criteria:
- Has annual gross revenues over $25 million
- Possesses the personal information of 50,000 or more consumers, households, or devices
- Earns more than half of its annual revenue from selling consumers’ personal information
Read the official CCPA text here.
What is personal information of CCPA?
Personal information is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific consumer or household.
Personal data can be identifiers such as name, identification number, IP addresses, biometric information or characteristics such as race, ancestry, religion, age, sex, sexual orientation, gender, medical condition etc. CCPA maintains a broad definition of personal information but excludes de-identified/anonymized information from it.
What is the penalty for CCPA violation?
Businesses can get civil penalties of up to $7500 for each intentional violation while each unintentional can amount to a fine of up to $2500. Businesses will have a 30-days cure period to rectify violations before the Attorney General takes action.
Does CCPA apply to all states in the US?
CCPA applies to all for-profit organizations that process the information of California residents to offer goods or services. The law does not require the business to have a physical presence in California. In short, any business that deals with the personal data of California residents have to be CCPA compliant.
Does CCPA require opt-out?
What is ‘sale’ under CCPA?
Under the CCPA, the sale of personal information occurs when a business transfers the consumers’ information to another business or third party for financial gain. The definition includes any disclosure that involves the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means”.
What is CPRA?
In November 2020, California passed the California Privacy Rights Act (CPRA) that amends and expands the provisions of CCPA. It revises and expands CCPA in key areas such as new definitions, consumer rights and a new enforcement arm – California Privacy Protection Agency (CPPA).
Does CPRA replace CCPA?
Currently, the CPRA does not repeal or replace CCPA but strengthens the existing framework. It will replace CCPA when it becomes fully effective on January 1, 2023.