COOKIES. CONSENT. COMPLIANCE
Schedule a Demo
secure privacy badge logo
Regulations
EUROPE
GDPR (EU) UK DPA (United Kingdom) FADP (Switzerland) NewDPA (Norway)

View All

North America
PIPEDA (Canada) CCPA/CPRA (California) CPA (Colorado) VCDPA (Virginia)

View All

Middle East
PDPL (UAE) DIFC DPA (Dubai) PDPL (Saudi Arabia) KVKK (Turkey)

View All

Asia
PIPA (South Korea) NewPIPL (China) Data Privacy Act 2012 (Philippines) PDPA (Singapore)

View All

Central and South America
LGPD (Brazil) DPL (Colombia) Personal Data Protection Law (Argentina) LSPDP (Panama)

View All

Africa
POPIA (South Africa) Law no.09-08 (Morocco) LPDP (Egypt) DPA (Kenya)
Oceania
APP (Australia) Privacy Act (New Zealand)
Features
Cookie BannersPreference CenterCookie & Website ScannerConsent LoggingData Subject Request FormsCookie PolicyPolicy CenterLegal Templates70+ Language Support
Cookie Banners
Integrations
HubspotWordpressMagentoAdobe Tag ManagerWixShopifyDrupalGoogle Tag ManagerWeeblySquarespaceWebviewSitecoreUmbracoJoomlaBigcommerceGoogle Consent ModeAdobe LaunchTealium IAB TCF v2.2
Hubspot badge
Pricing
Partner
Resources
BlogSupportContact UsDocsRequest DemoTraining & CertificationGDPR Website Scanner
June 24, 2019

CCPA and Cookies. What do I need to know?

In this article, we explain the basics of cookies and CCPA.

CCPA is the California Consumer Privacy Act, which was passed by California legislators in June 2018. It’s the most comprehensive law in the USA which is targeted at companies that collect and/or sell personal information and gives private individuals and companies, that are based in California, more control over their own data.

CCPA introduces three major new data protection, including:

  • The right to access information. It means that California consumers will be able to know which categories of information are used or sold, from whom and why certain information was collected, etc.
  • Right to deletion. Any consumer will be able to ask to delete personal information that was collected about him/her.
  • Right to opt-out. Similar to the GDPR, they will be able to direct a company to not sell their personal information to third parties.

The new legislative initiative will go into effect on January 1, 2020. At the same time, some CCPA issues are still in the process of clarifying and amending by local legislators. As a result, several amends were already passed and California attorney general enforcement is not expected until at least July 1, 2020.

CCPA and Cookies

The CCPA allows the use of cookies to collect personal information, but only after you notify users that you collect data. The notice on collection serves the purpose for providing this information to consumers.

The notice on collection contains the following:

  • The categories of personal information you collect
  • The purposes of data collection
  • Information on the right to opt-out of sale of consumers’ personal information, if you sell such information and
  • A link to the privacy policy.

You must not use cookies that collect data if you don’t show this notice to the consumer. 

The consumer doesn’t have to take any action about it, such as clicking an “Accept” button. That’s not required.

You need just to show the notice and your cookies are good to go.

In addition, if you sell personal information of minors, you must not use cookies to collect their data without obtaining explicit consent.

Secure Privacy allows you to create a custom notice on collection as well as the privacy policy. You need a notice on collection if you collect data from California-based visitors. In general, CCPA requires notice on the collection, which means you have a duty to show them only to your California visitors. Our detailed guide about CCPA gives you valuable tips on how to make your company or website CCPA compliant.

Schedule a call to learn more

image

Data Broker Registration Explained (2026): How to Register Under U.S. Privacy Laws

Data brokers occupy a peculiar position in the privacy landscape: they are often the most consequential handlers of personal information that consumers have never heard of. A person may carefully manage what they share with their bank, their employer, and the apps on their phone — and still find their name, home address, income range, health interests, and browsing behavior for sale across hundreds of databases they never interacted with.

  • Legal & News
  • Data Protection
image

EU AI Act Implementation Sprint: A 90-Day Playbook for Enterprise Compliance

The EU AI Act is no longer a regulation on the horizon. Prohibited AI practices have been enforceable since February 2025. General-purpose AI obligations have applied since August 2025. And on 2 August 2026 — five months from now — the full weight of high-risk AI system requirements under Annex III comes into force, bringing with it a penalty structure that exceeds even the GDPR: up to €35 million or 7% of global annual turnover for the most serious violations, and up to €15 million or 3% for non-compliance with high-risk obligations.

  • AI Governance
image

React Native Consent SDK: Implement Mobile Consent Management

Adding a consent banner to a React Native app is straightforward. Implementing consent management that actually controls data collection — where no third-party SDK fires a network request before the user has responded, where consent state persists correctly across sessions, and where every decision is logged for regulatory audit — is a different engineering problem.

  • Mobile Consent