CCPA and Cookies. What do I need to know?
In this article, we explain the basics of cookies and CCPA.
CCPA is the California Consumer Privacy Act, which was passed by California legislators in June 2018. It’s the most comprehensive law in the USA which is targeted at companies that collect and/or sell personal information and gives private individuals and companies, that are based in California, more control over their own data.
CCPA introduces three major new data protection, including:
- The right to access information. It means that California consumers will be able to know which categories of information are used or sold, from whom and why certain information was collected, etc.
- Right to deletion. Any consumer will be able to ask to delete personal information that was collected about him/her.
- Right to opt-out. Similar to the GDPR, they will be able to direct a company to not sell their personal information to third parties.
The new legislative initiative will go into effect on January 1, 2020. At the same time, some CCPA issues are still in the process of clarifying and amending by local legislators. As a result, several amends were already passed and California attorney general enforcement is not expected until at least July 1, 2020.
CCPA and Cookies
The CCPA allows the use of cookies to collect personal information, but only after you notify users that you collect data. The notice on collection serves the purpose for providing this information to consumers.
The notice on collection contains the following:
- The categories of personal information you collect
- The purposes of data collection
- Information on the right to opt-out of sale of consumers’ personal information, if you sell such information and
- A link to the privacy policy.
You must not use cookies that collect data if you don’t show this notice to the consumer.
The consumer doesn’t have to take any action about it, such as clicking an “Accept” button. That’s not required.
You need just to show the notice and your cookies are good to go.
In addition, if you sell personal information of minors, you must not use cookies to collect their data without obtaining explicit consent.
Secure Privacy allows you to create a custom notice on collection as well as the privacy policy. You need a notice on collection if you collect data from California-based visitors. In general, CCPA requires notice on the collection, which means you have a duty to show them only to your California visitors. Our detailed guide about CCPA gives you valuable tips on how to make your company or website CCPA compliant.
GDPR Compliance Automation: Complete Guide & Tool Comparison
Your privacy team is drowning in manual GDPR workflows. Data subject access requests pile up for weeks. Data mapping takes months instead of minutes. Your spreadsheet-based consent records can't scale to millions of users. Meanwhile, European regulators issued €1.2 billion in GDPR fines last year alone, and your current compliance approach can't keep pace with enforcement intensity or business growth. GDPR compliance automation transforms this reality by applying intelligent technology to streamline, accelerate, and enhance the accuracy of data protection activities. Organizations implementing comprehensive automation report 85-97% reduction in compliance workloads while improving accuracy and reducing regulatory risk by up to 75%. This guide explains what GDPR compliance can be automated, which processes require human judgment, how to select automation platforms, and what ROI you can expect from intelligent privacy technology investments.

IAB TCF Compliance Tool: Choose and Implement the Right Solution
Your Consent Management Platform just failed its IAB validation check. Three weeks before your planned launch, the CMP Validator flagged seventeen compliance issues across your consent banner implementation. Your legal team is escalating concerns about GDPR violations, your ad ops team worries about revenue impact, and nobody knows exactly what needs fixing or how long remediation will take.
- Legal & News
- Data Protection
- GDPR
- CCPA

What is ad_user_data in Google Consent Mode v2 — and Why It Matters for Your Ads
Your Google Ads conversion tracking just stopped working in Europe. Campaign performance dropped 30% overnight. Google Tag Assistant shows consent signal errors. You're seeing warnings about missing Consent Mode v2 implementation, but you're not sure what ad_user_data means or why Google suddenly requires it.