The California Consumer Privacy Act (CCPA) was established to protect the data privacy rights of California consumers. But while it benefits residents of the state, it applies to businesses outside of the state as well.
This legislation is applicable to for-profit businesses that do business in California, collect consumer information, and fall under certain criteria (more than $25 million of annual gross revenue).
It also applies to those enterprises that deal with the personal information of at least 50,000 Californians or derive half or more of their revenue from selling Californians’ personal information.
Given these applications, there is likely a connection between CCPA and advertisers, wherever they may be located.
What Is The CCPA?
The CCPA is a comprehensive data privacy law that establishes rights for California consumers to give them more control over their personal information such as:
- The right to know about the personal information a business collects, uses, and shares
- The right to delete personal information collected (with some exceptions)
- The right to opt-out of the sale of personal information
- The right to non-discrimination for exercising rights under the CCPA
The privacy management tool, including basic information such as names, addresses, and location, as well as financial and government information. It also covers commercial information such as purchasing history, personal history (e.g. education, resume, etc.), and even profiles on consumer behavior and preferences derived from how they interact with websites and platforms.
What Businesses Does The CCPA Apply To?
Although the CCPA is a state-wide law, it doesn’t apply to all businesses that operate in or with the state. The CCPA only considers for-profit businesses that do business in California and meet any of the three criteria defined by the law:
- has a gross annual revenue of more than $25 million
- has a practice of buying, receiving, or selling (or in any way making available to another, e.g. renting, disseminating, etc.) the personal information of 50,000 or more California residents, devices, or households
- derives at least 50% of their annual revenue from selling the personal information of California residents
The law is lenient toward small businesses that don’t have the need for or have the resources to collect, store, or use personal information. Though it is unknown how long that will last.
The future of data privacy legislation appears to be that it will spread across the country and gradually become stricter—giving consumers even more control over their personal information. All businesses in California are encouraged to play it safe by complying with the law sooner rather than later.
Additionally, even businesses that aren’t headquartered in California but do business with residents of the state or implement marketing campaigns that target California consumers must adhere to the guidelines of the CCPA.
Therefore, this far-reaching legislation applies to many international and national businesses who will want to be compliant, especially since the alternative is losing the right to do business in the state with the largest population and the highest gross domestic product (GDP) in the United States.
How Do Businesses Comply With The CCPA?
The CCPA lists regulations that guide the implementation of the law. These include, but are not limited to:
- adding a conspicuous “Do Not Sell My Personal Information” opt-out option
- updating privacy policies to outline the consumer rights secured by the CCPA
- providing consumers the channels and support to retrieve and/or delete personal information promptly
- obtaining consent from minors (or their parents, if under thirteen) before using their personal information
- training employees on CCPA’s prescribed rights
- reviewing and/or revising agreements with third parties or service providers to compliant with the CCPA
Whether or not the CCPA applies to your business, it’s good practice for you to be transparent about your data practices and provide consumers with the avenues to enact the rights given to them by the law.
While the CCPA is a state-wide law, many companies are seeing themselves being affected—and it’s not far until similar regulations are enacted not just in the US, but in the international market, as well. Consider looking into a privacy management tool; it might be just what you need to ensure your company’s compliance fairly quickly and easily.