CCPA: A Summary of Key Consumer Rights
The California Consumer Privacy Act (CCPA) was adopted in 2018. Scheduled to go into effect from January 1, 2020, this regulation introduces new privacy privileges for California’s 40 million residents.
What are the Consumer Rights under the CCPA?
This legislation guarantees California residents five key rights in relation to their personal data.
The Right to Know
The CCPA requires businesses to make consumers aware of the information they collect about them. For this reason, companies must outline the kinds of information being collected and the purpose for which this data is gathered in their privacy policies.
The Right to Access
Under the CCPA, businesses are obligated to provide a mechanism through which the consumer can access and review the personal information collected about them.
The Right to Deletion
The CCPA’s deletion privilege is focused on allowing consumers to request the deletion of the information collected about them and stored by a business.
The Right to Opt-out
Consumers have the right - at any time - to command a company that sells personal information about them to third-parties to stope this sale under the CCPA. If a consumer is a minor, this regulation provides for the right to opt-in to the sale of data, which is exercised by minors aged between 13 and 16 years old or a guardian for minors under the age of 13 years.
The Right to Opt-In
After opting-out, consumers may choose to opt-in for the sale of their personal information again. This may happen due to the provision of certain products or services or for financial incentives in return for their data.
The Right to Equal Services and Prices
Under the CCPA, businesses are prohibited from discriminating against consumers by denial of goods or amenities, charging a different price or rate for goods or service, offering a different level or quality of goods or services, or implying that they will do any of these things as a result of a consumer’s exercise of any CCPA rights.
Learn more about CCPA using our detailed summary and find out how you can make your company and website CCPA compliant.
Once you have a clear picture of what you need to do to comply with CCPA, book a call today and get a personalized demo of our complete solution for free.
Privacy Preference Centers & Cross-Device Consent Management
Your marketing team just discovered that 23% of email subscribers who opted out of promotional messages last month are still receiving campaigns. The opt-out was captured in your CMP. It just never reached your email platform. Three of those users have filed complaints with your DPO. One has already submitted a GDPR complaint to a supervisory authority.
- Consent Management
FRIA Guide: Conducting Fundamental Rights Impact Assessments under the EU AI Act
Your organisation has been using an AI-powered tool to screen job applicants for the past 18 months. The system ingests CVs, scores candidates on a composite of attributes, and surfaces a ranked shortlist to hiring managers. Until recently, this was a product decision. From August 2, 2026, it is a legal obligation: under Article 27 of the EU AI Act, deployers of high-risk AI systems in employment and similar domains must conduct a Fundamental Rights Impact Assessment before putting that system into use — and they must notify the competent national market surveillance authority of the results.
- AI Governance
Data Minimization & Retention Enforcement: Practical Compliance Guide (2026)
Your legal team forwards a letter from a supervisory authority. A data subject complaint has triggered a formal investigation. Your organisation processed personal data without a valid lawful basis six months ago — a decision made by a product manager who did not loop in privacy counsel.
- Privacy Governance