Logo Logo
Cookiebot

The California Consumer Privacy Act (CCPA) will come into effect on January 1, 2020 and may affect how your website is allowed to handle the personal information of Californians.

Try our free website scan to see how your website tracks and handles personal information.

California privacy law takes quantum leap with CCPA

California was one of the first states in the US to enshrine privacy as an “inalienable right” of all people, when it amended its constitution in 1972.

On January 1, 2020, California becomes the first state to enact a data privacy law that will empower its residents with ownership over their personal information and change the way companies handle personal information across the United States and the rest of the world.

As California goes, so goes the nation, so let’s have a look at the new California privacy law and its consequences.

What does it mean for your company and your website? How can you become compliant? And what are the differences between it and the European GDPR?


The new California privacy law


According to a recent survey by Pew Research Center, a majority of Americans believe it to be impossible to go through daily life without having their data collected.

The survey was conducted with participation of more than 4,000 people over the summer of 2019.

81 percent of the American public feel that the potential risks they face because of data collection outweigh the benefits, and 79 percent feel concerned about the way their data is being used by companies.

Three out of four Americans, the survey also showed, want more power over their own data, and believe there should be more regulation around how companies handle data.

The new California privacy law (CCPA) is the first sign that US legislation is catching up to the public sentiment on data privacy.



California privacy law empowers California residents with data ownership.

CCPA privacy: California is becoming the frontier of US data privacy law.



New legal reality in the US with the California privacy law

As the first state in the nation, California will in January 2020 enact a data privacy law that effectively moves the legal reality of digital privacy closer to the peoples’ wishes for more control over their own data and more regulatory supervision of the tech companies handling that data.

The new California privacy law (CCPA) might very well become the de facto standard for data rights across the US, not only because it is the very first of its kind in the country, but because California is the largest state in the US with forty million residents, and, if it was its own country, would be the fifth largest economy in the world.

A business in, say, Wyoming or Vermont will be required to comply with the CCPA if it buys, receives, sells, or shares the personal information of at least 50.000 California residents, households or devices annually.

The impact of this requirement means that a lot of US companies will have to seek compliance with the new California privacy law, even if they are located outside of California.

In fact, the impact of the new California privacy act will also be felt globally – since the same requirements for compliance will be forced upon companies in Europe or Asia, if they fall under the definition of a business in the CCPA.

For more on the CCPA and how it came to pass as California state law, take a look at our CCPA long-read here.


Compliance with Cookiebot


Cookiebot is a consent management platform that scans your website, finds all cookies and similar tracking technology and empowers the end-users with the choice of consent.

This way, website owners empower their end-users with the choice to decide who they wish to share their personal information with. This is the bedrock of strong data privacy, as mandated by the European GDPR and soon also the new California privacy act.

In California, data privacy is getting a strong legal foundation come January 1, 2020. 

Cookiebot will launch its CCPA configuration on December 16, 2019.



Cookiebot and the CCPA, rights for consumers protected.

Cookiebot enables CCPA compliance with new configuration.



Cookiebot’s consent solution is one of the leading platforms in the privacy industry to enable full GDPR compliance for websites all over the world.

Cookiebot will offer a solution for compliance with the CCPA in California, alongside our existing solution for compliance with the European GDPR.

That’s because our technology can be configured and customized to meet the compliance standards of both the CCPA and GDPR, depending on where your business and end-users are located.

Take a look at the core functions of Cookiebot here

Whether your company is based in the US, EU or anywhere else in the world, the landscape of data privacy is rapidly changing, and new requirements means companies must be mindful of how they handle user data.

By using Cookiebot’s consent management solution, websites and companies worldwide can rest assured that they handle their end-users’ data with transparency and compliance.

Check out the CCPA requirements for compliance.


Consumer protection under the California privacy law


The California privacy act (CCPA) sets up a legal framework, whereby California residents can claim ownership of their data. It also requires companies who do business in California to provide users with easy ways of exercising their newly created data rights.

However, there are certain definitions in the law that both individuals and companies must fall under in order for the California privacy law to apply.

Let’s have a look at them now.


New consumer rights under the California privacy law

Among the rights that the California privacy law empowers state residents with are the right to opt-out of having one’s personal information sold to third parties, the right to disclosure of what personal information has been collected in the past 12 months, and the right to deletion of that data.

Failure to comply can result is fines of $7,500 per violation and $750 per affected user in civil damages for businesses.

The enforcement of the California privacy act befalls the Attorney General of California, who has until July 2020 to map out exactly how enforcement will look like.

Check out the proposed enforcement regulations of CCPA from the Attorney General’s office.


Who is protected by the California privacy act?

To be protected by the California data law, a consumer must be a natural person who is either in the state for other than a temporary purpose or who is domiciled in the state, but temporarily outside of the state (e.g. on vacation or business trip).



The new California privacy law protects California residents exclusively

The new California privacy act protects only California residents.



Individuals who are simply passing through, on a brief rest or vacation, in the state to complete a particular transaction or perform a particular contract are deemed to be in the state for temporary or transitory purposes and will not fall under the California privacy law as a consumer, and hence not protected by the CCPA.

It is not enough to simply be located in the state when having one’s data collected by a business (e.g. tourists vacationing in the state).

Read our compliance guide for California data privacy.


California privacy law's definition of personal information

The new California data law (CCPA) defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Personal information can include:

What does the CCPA say about cookies in detail?

Even data that is not by definition personal information might fall under the category, if it can be inferred to create profiles that reflect a consumer’s “preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.”

The new California privacy law effectively creates a whole new way of viewing data in the US.


Business compliance with the California privacy law


To be regarded as a business under the CCPA rules, a company has to meet one of the three following attributes:



The new California privacy law regulates the flow of data in the state of California.

CCPA privacy: California is becoming the frontier of US data privacy law.



If your company seeks compliance with the California privacy law, this checklist will run you through the basic requirements necessary.

Take a look at the official California privacy law (CCPA) text here.

Here is a non-exhaustive CCPA compliance checklist to inform you of some of the key requirements.

Want to know more about how to comply with the CCPA?


California privacy law and the GDPR


When comparing the California privacy law (CCPA) to the European data regulation (GDPR), it becomes clear that though there are similar intentions and provisions, the two data privacy laws are very different.

Where the European GDPR protects anyone in the EU, the CCPA only protects California residents.

It is not enough to be located in the state at the time of collection or processing, according to the new California privacy law, you must have a permanent residency in the state in order to be protected.

The GDPR is focused on creating a “privacy by default” legal framework for the entire EU, whereas the CCPA is about creating transparency in California’s huge data economy and rights for its consumers.

For more, take a look at our comprehensive CCPA vs GDPR comparison.


Summary: what does the California privacy law mean for me?


If you have a company that falls under the CCPA privacy definition of a business, you are obligated to obtain compliance with the California privacy law, regardless of where in the world your company is based.

Check out our CCPA compliance checklist here.

Have a look at our long-read CCPA article that digests the official law text.

Inform yourself on the differences between the CCPA and the EU's GDPR.

On January 1, 2020, Cookiebot offers compliance with CCPA (and as always GDPR) for your company and its website.

Sign up now for month free trial today.


Resources


What is the CCPA?

How to achieve CCPA compliance?

What is the GDPR?

What are the differences between the CCPA and GDPR?

How does Cookiebot work?

Survey on American sentiment towards data rights and the tech industry, conducted by Pew Research Center

Make your website’s use of cookies and online tracking compliant today

Try for free