CCPA is the California Consumer Privacy Act, which was passed by California legislators in June 2018. It’s the most comprehensive law in the USA which is targeted at companies that collect and/or sell personal information and gives private individuals and companies, that are based in California, more control over their own data.
CCPA introduces three major new data protection, including:
- The right to access information. It means that California consumers will be able to know which categories of information are used or sold, from whom and why certain information was collected, etc.
- Right to deletion. Any consumer will be able to ask to delete personal information that was collected about him/her.
- Right to opt-out. Similar to the GDPR, they will be able to direct a company to not sell their personal information to third parties.
The new legislative initiative will go into effect on January 1, 2020. At the same time, some CCPA issues are still in the process of clarifying and amending by local legislators. As a result, several amends were already passed and California attorney general enforcement is not expected until at least July 1, 2020.
CCPA and Cookies
The CCPA defines the phrase “personal information” to include any information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
In situations where a website deploys third-party tracking cookies (e.g., behavioral advertising network cookies), it is not clear how the business that owns and controls the tracking cookie will be able to provide California consumers with its “at or before the point” of information collection privacy disclosure.
Secure Privacy allows you to create a custom cookie banner. You need a cookie banner if you collect data from US-based visitors. In general, CCPA requires cookies banners, which means you have a duty to show them only to your US visitors.