The California Consumer Privacy Act (CCPA) is a data protection law that went into effect on January 1, 2020, in the state of California, United States. It is similar to the General Data Protection Regulation (GDPR) that was adopted by the European Union in 2018, in that it gives consumers more control over their personal information and how it is collected, used, and shared.
The CCPA applies to businesses that meet certain criteria such as:
- Having gross annual revenues in excess of $25 million.
- Buying, receiving, selling, or sharing personal information of 50,000 or more consumers, households, or devices.
- Deriving 50% or more of their annual revenues from selling consumers’ personal information.
The CCPA gives Californian residents the following rights:
- The right to know what personal information is being collected about them, where it came from, and who it is shared with.
- The right to request that their personal information be deleted.
- The right to opt out of the sale of their personal information.
- The right to non-discrimination in terms of prices or services for the exercise of these rights
Businesses that are subject to the CCPA must provide a clear and conspicuous link on their homepage titled “Do Not Sell My Personal Information” that allows Californian residents to opt out of the sale of their personal information. Businesses must also make available a privacy policy that explains what personal information is being collected and how it is being used, shared, or sold.
Violations of the CCPA can result in fines of up to $7,500 per violation. Additionally, the California Attorney General’s office can take legal action against companies that are found to be in violation of the CCPA.