Achieve CCPA compliance and gain consumer trust
Implement all your CCPA compliance requirements under one roof. Display opt-out notice, ‘Do not sell’ link and generate privacy disclosures.
The #1 cookie consent solution, trusted by 1.4 Million+ websites
What is CCPA?
The California Consumer Privacy Act (CCPA) is data privacy legislation that applies to businesses that process the personal data of California residents. Effective January 1, 2020, CCPA provides individuals control over the personal data that businesses collect about them.
Who does CCPA
The CCPA applies to for-profit businesses that collect, share, or sell the personal information of California residents and fit any of the criteria.
Has annual gross revenues over $25 million
Process personal information of 50,000 or more consumers, households, or devices
Earns more than 50% of annual revenue from the sale of personal information
CCPA Compliance Checklist for Websites
Display CCPA opt-out notice to respect the user’s right to opt-out
Add a clear and conspicuous “Do Not Sell My Personal Information” link
Meet CCPA Compliance Requirements with CookieYes
Implement ‘Do not sell’ opt-out notice
The CCPA requires businesses to respect the consumer’s right to opt-out of the sale of their personal information to third parties. This includes data collected through cookies. With CookieYes you can
Comply with GDPR and CCPA regulations
If your website has visitors from both US and the EU, then it is important to comply with both laws. Businesses are required to display an opt-out notice for CCPA and a cookie consent banner for GDPR. With CookieYes, you can
Comply with CCPA and ever-evolving privacy laws in the US
What are consumer rights under CCPA?
Right to notice
The right to know about the personal information a business collects about them and how it is used and shared.
Right to deletion
The right to delete personal information that a business has collected from them.
Right to opt-out
The right to opt-out of the sale of their personal information by a business.
Right to non-discrimination
The right to not be discriminated against for exercising their consumer rights under CCPA.
What are the penalties for non-compliance with the CCPA?
Businesses can get civil penalties of up to $7500 for each intentional violation while each unintentional can amount to a fine of up to $2500. Businesses will have a 30-day cure period to rectify violations before the California Attorney General takes action.
CCPA provides a private right of action to consumers under limited circumstances if they suffer a data breach due to negligence from a business. Consumers can sue for the amount equal to the monetary damages they actually suffered from the breach or “statutory damages” of up to $750 per incident.
FAQ on CCPA Compliance
The California Consumer Privacy Act (CCPA) is a state-wide privacy regulation enacted in 2018. CCPA compliance applies to any for-profit entity doing business in California that collects, shares, or sells the personal information of California residents.
To be CCPA compliant, companies are required to meet certain standards for data collection and processing of any personal data that can be linked, associated, or related to Californians.
Help guide: How to use CookieYes for CCPA Compliance
No, the California Privacy Rights Act (CPRA) does not replace the CCPA but amends it. The CPRA is an expansion of the CCPA, as it modifies existing provisions and introduces additional requirements for businesses operating in California. The CPRA came into effect on January 1, 2023.
Read more: Complete Guide to CPRA
Under CCPA, personal information is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific consumer or household. CCPA maintains a broad definition of personal information but excludes de-identified/anonymized information from it.
Personal information can be identifiers such as name, identification number, IP addresses, biometric information or characteristics such as race, ancestry, religion, age, sex, sexual orientation, gender, medical condition etc.
Cookies and similar tracking technologies are classified as unique identifiers and can be considered personal information under CCPA. A unique identifier could directly or indirectly identify an individual consumer, family, or device over time and across services.
These identifiers can include IP addresses, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, and telephone numbers.
CCPA applies to all for-profit organizations that process the information of California residents to offer goods or services. The law does not require the business to have a physical presence in California. In short, any business that deals with the personal data of California residents have to be CCPA compliant.
Under the CCPA, the sale of personal information occurs when a business transfers the consumers’ information to another business or third party for financial gain. The definition includes any disclosure that involves the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means”.
Here are some links you can refer to for additional reading:
Fast-track your CCPA compliance with CookieYes
Set up your CCPA opt-out notice in 3 simple steps and get compliant easily.