CCPA: A Summary of Key Consumer Rights
The California Consumer Privacy Act (CCPA) was adopted in 2018. Scheduled to go into effect from January 1, 2020, this regulation introduces new privacy privileges for California’s 40 million residents.
What are the Consumer Rights under the CCPA?
This legislation guarantees California residents five key rights in relation to their personal data.
The Right to Know
The CCPA requires businesses to make consumers aware of the information they collect about them. For this reason, companies must outline the kinds of information being collected and the purpose for which this data is gathered in their privacy policies.
The Right to Access
Under the CCPA, businesses are obligated to provide a mechanism through which the consumer can access and review the personal information collected about them.
The Right to Deletion
The CCPA’s deletion privilege is focused on allowing consumers to request the deletion of the information collected about them and stored by a business.
The Right to Opt-out
Consumers have the right-at any time-to command a company that sells personal information about them to third-parties to stope this sale under the CCPA. If a consumer is a minor, this regulation provides for the right to opt-in to the sale of data, which is exercised by minors aged between 13 and 16 years old or a guardian for minors under the age of 13 years.
The Right to Opt-In
After opting-out, consumers may choose to opt-in for the sale of their personal information again. This may happen due to the provision of certain products or services or for financial incentives in return for their data.
The Right to Equal Services and Prices
Under the CCPA, businesses are prohibited from discriminating against consumers by denial of goods or amenities, charging a different price or rate for goods or service, offering a different level or quality of goods or services, or implying that they will do any of these things as a result of a consumer’s exercise of any CCPA rights.
Want to try
Get your free cookie banner up and running today!
That also interest you
Data Subject Access Requests: Do's and Don’ts in Handling GDPR DSARs
Data Subject Access Requests (DSARs) are one of the less-talked-about GDPR requirements, but failure to handle them correctly could land your company in trouble.
ePrivacy Regulation vs GDPR: 4 Key Differences
The ePrivacy Regulation was set to come into force alongside the GDPR on May 25, 2018, but delays in the approval phase meant its implementation was delayed.
EDPB Guidelines on Targeting Social Media Users: 4 Quick Compliance Tips
EDPB guidelines on targeting social media users published in September 2020 bring new GDPR compliance obligations that social media service providers and targeters need to adopt.