Logo Logo
Cookiebot

The California Consumer Privacy Act (CCPA) may affect how your website is allowed to handle the personal information of Californians.

Try our free website scan to see how your website tracks and handles personal information.

Cookiebot offers CCPA compliance

Updated August 31, 2020.


California Consumer Privacy Act (CCPA) empowers California residents with new rights over the data they generate every day, and forces companies who do business in the state to play by new rules.

So how does your website obtain CCPA compliance? Which CCPA requirements will impact your website? And how can Cookiebot help you become CCPA and GDPR compliant?

Find the answers in this article about all things regarding CCPA compliance.


Quick summary


CCPA compliance for websites

The CCPA requires companies and organizations who do business in California to comply with new rules regarding the data their end-users generate on their websites.

The CCPA regulations empower users with new data rights (the first in the US), such as the right to opt-out of having their data sold to third parties; the right to disclosure of what data has been collected of them in the past year; and the right to deletion of that data.

This means that businesses need to know what cookies and other tracking technology is embedded on their websites – both those belonging to their own domains (first party cookies) and those belonging to ad tech companies or social media platforms (third party cookies) that are embedded through plugins, tags and tools.

Learn more about the CCPA and cookies

The California Consumer Privacy Act (CCPA) forms a new legal reality in the intersection of the offline and online, where our daily lives spill into the digital, and – until now – have been commodified and traded for profit by tech companies.

The CCPA creates empowered agency for end-users and real checks-and-balances for businesses trading data in California.

Scan your website for free with Cookiebot to see which cookies are active on your website and what kinds of personal information they process.

Enforcement of the CCPA has begun! Learn more about the final CCPA regulations here


CCPA compliance with Cookiebot

Cookiebot is a world-leading consent management platform offering full compliance with the EU’s GDPR and California's CCPA.

In compliance with the strong GDPR requirements in place in the EU, Cookiebot’s technology automatically scans your website and finds all cookies and similar tracking technology, then blocks all (apart from strictly necessary ones) until the end-users give their consent to which categories of cookies, they will allow to process their personal information.

In compliance with the CCPA, Cookiebot enables a website's end-users to opt out of having their data sold to third parties through a Do Not Sell My Personal Information link on their cookie declaration.

Cookiebot also supports multiple compliance solutions on the same website through a geotargeting function that detects whether a visitor is from the EU or California, and configures the appropriate banner accordingly.



CCPA compliance through Cookiebot.

Cookiebot's CCPA compliant cookie declaration in California.



Cookiebot ensures CCPA compliance for businesses by e.g. enabling their end-users to opt out of having their data sold and obtaining their consent ID on the company's website.

Our CCPA configuration implements the mandatory Do Not Sell My Personal Information link.

Cookiebot also enables websites to comply with the specific requirement regarding opt in for minors under 16 years of age.



CCPA compliance with Cookiebot CMP

Cookiebot CCPA opt in banner enabling businesses to obtain the consent of minors.



According to the CCPA, businesses must obtain the opt-in consent from minors age 13-16 (and from parents or legal guardians from minors under age 13) before they are allowed to sell their personal information.



CCPA compliance with Cookiebot CMP in detail

Cookiebot CCPA opt in banner, unfolded with details showing cookies and trackers present.



Cookiebot can be configured and customized to meet the standards of compliance under the CCPA as well as GDPR, depending on where your end-users are located.

This way, Cookiebot ensures that the privacy of your end-users is protected, and the autonomy over their own data enshrined.

Take an in-depth look at the core functions of Cookiebot.

Businesses can sign up for free to Cookiebot today to scan and control their cookies, become GDPR compliant and get familiar with the different opt-in and opt-out functions.


CCPA checklist for compliance


Who exactly is protected by the CCPA? And how does a company obtain CCPA compliance?

In this section, we look at who the law affects and how you obtain CCPA compliance. We provide an overview of the obligations for businesses in a quick CCPA checklist.

A business is exempt from e.g. disclosing personal information or deleting it, if the business cannot verify the consumer making the request.

On August 14, 2020, the final CCPA regulations took effect and form the basis for the Attorney General’s enforcement, which has already begun.

The CCPA regulations specify the practical and technical aspects of how to become compliant with the law.

Learn more about the enforcement and the CCPA regulations here


CCPA requirements for California businesses

To be obligated for CCPA compliance, a company or organization must fall under the definition of business in the CCPA.

According to the CCPA rules, a business is an umbrella term that includes both companies, corporations, associations, partnerships or any other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners.



CCPA compliance and consent management with Cookiebot

Not all websites or companies will fall under the CCPA's definition of business.



However, to be regarded as a business under the CCPA rules, a company has to meet one of the three following attributes:

This means that if your company is based in, say, Texas or Europe, but buys or sells the personal information of at least 50.000 California residents, your company is liable for CCPA compliance.

It also means that if you have a small business that makes under $25 million a year, or if less than half of your business income relies on selling personal information to third parties, or if your business does not sell more than fifty-thousand Californians’ personal information, the CCPA does not apply to your company.

However, if your business shares common branding with another company that does meet one of the abovementioned thresholds, your business will be subject to CCPA compliance.

This means e.g. having a shared name, service mark or trademark. In such a case, an organization that would not by itself fall under the CCPA rules for businesses, could be forced to obtain CCPA compliance anyway.


CCPA compliance for California businesses

Here is a non-exhaustive CCPA compliance checklist to inform you of some of the key requirements.

According to the CCPA, a business must –

Take a look at the California Consumer Privacy Act law text here.

Additionally, for a business to obtain CCPA website compliance, they must also update their privacy policy to include:

Cookiebot enables CCPA compliance.

With the Cookiebot technology, websites can manage user consents and requests for opt-outs of data sales, as well as get a full overview of all cookies and trackers.

Try our compliance technology for free today.



CCPA compliance will be easy with Cookiebot

Cookiebot offers CCPA and GDPR compliance for US websites.



CCPA rights Californian residents

To be protected by the CCPA, a consumer has to be a natural person who is a California resident, defined as an individual:

In other words, for the CCPA to apply, you have to have residency in California to qualify as a consumer according to the law.

If you do qualify as a consumer protected under the new privacy law, the CCPA empowers you with the following rights:

According to the CCPA regulations, any discrimination against consumers based on their choice to exercise their rights is strongly prohibited.

Learn more about the CCPA’s definition of personal information


CCPA compliance vs GDPR compliance


Cookiebot is a leading consent management platform in the world, enabling GDPR compliance for hundreds of thousands of websites every day.

The main difference between the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) in the EU is that the latter requires data controllers and processors to meet one of six legal bases prior to the processing of personal data.

The first of these is with the consent of the user, meaning that a website must obtain prior consent from a user before any processing of their personal information can take place.

Read our CCPA vs GDPR comparison here.



Try CCPA compliance through Cookiebot for free.

The CCPA protects California residents, while the GDPR protects anyone who happens to be inside the EU at the time of data collection.



Cookiebot’s consent management platform is built to enable full GDPR compliance by controlling a website’s data processing through the consent of the users.

The CCPA doesn’t have a framework of legal bases that businesses must first meet in order to process data, but by using Cookiebot, companies and websites in California can ensure that their users will not experience unwanted data harvesting by - and selling to third party tech companies.

Cookiebot can be configured to meet the requirements of both the CCPA and the GDPR, depending on where in the world your end-users are located.

This way, website owners using Cookiebot can be confident about meeting the compliance standards for the data law relevant for exactly them, whether it be in California or the European Union.

The CCPA is the first major privacy law outside of the European Union, but it is definitely not the last.

A privacy awakening is upon us and data laws are emerging in many other states in the US, as well as around the world.

Cookiebot follows this global development closely, as we continue to develop our technology to support future data privacy laws.

Try Cookiebot free for 30 days... or forever if you have a small website.


FAQ


What is the CCPA?

The California Consumer Privacy Act (CCPA) is a state-wide law that regulates how personal information of California residents are allowed to be used and shared by businesses. The CCPA require businesses to enable users to opt out of having their data sold to third parties, and to inform users of what kinds of cookies their websites use that process personal information.

Learn more about the CCPA


Are cookies personal information under the CCPA?

Under the CCPA, personal information includes cookies and trackers that collect IP addresses, browser history, search history and Unique IDs that can be used to identify an individual user. Third-party cookies, like statistics or marketing cookies, often use Unique IDs that make an individual user identifiable across the Internet.

Learn more about CCPA and cookies on websites



Who is liable for CCPA compliance?

A business is defined in the CCPA as a company or organization that meets at least one of the three following thresholds: have an annual gross revenue of more than $25 million, derive 50% or more of its annual revenues from selling consumers’ personal information, or buy, receive, sell or share the personal information of more than 50.000 California residents annually.

Learn more about CCPA and personal information


How can a website become CCPA compliant?

A website must inform its users of all the cookies and trackers in operation that collect, process, share and/or sells personal information of California residents. Websites must inform users of their rights under the CCPA, including making it easy for users to opt out of third-party data sales. Websites must have a privacy policy that specifies the categories, sources and commercial purposes of the personal information collected in the past 12 months.

Learn more about CCPA compliant website privacy policies


Resources


What is the CCPA?

CCPA vs GDPR - how are they different?

What is the GDPR?

Attorney General's CCPA draft regulations for enforcement

Cookiebot's core functions

California Consumer Privacy Act law text

New Google Consent Mode 

Cookiebot integrates perfectly with the new Google Consent Mode.

Make your website’s use of cookies and online tracking compliant today

Try for free