CCPA Compliance
CookieYes is a simple and intuitive cookie consent management tool that will help your website with CCPA compliance.
14-day free trial. Cancel anytime.
What is CCPA?
The California Consumer Privacy Act (CCPA) is data privacy legislation that applies to businesses that process the personal data of California residents. Effective January 1, 2020, CCPA provides individuals control over the personal data that businesses collect about them.
Are cookies personal data under CCPA?
Cookies and similar tracking technologies are classified as unique identifiers and can be considered as personal information under CCPA. A unique identifier could directly or indirectly identify an individual consumer, family, or device over time and across services.
These identifiers can include IP addresses, cookies, beacons, pixel tags, mobile ad identifiers, customer numbers, unique pseudonyms, user aliases, and telephone numbers.
CCPA requires that users be able to opt out of the sale of personal information. This means the website should give users the choice to opt-out for the use of cookies that are not strictly necessary, especially third party cookies such as tracking cookies used for advertising.
CCPA compliance checklist for websites
- Scan your website to detect cookies and other trackers.
- Display a custom cookie banner to allow users to opt-in or opt-out of cookies.
- Add a ‘Do Not Sell My Information’ button on your cookie banner to allow users to opt out of the sale of their personal information.
- Create an up-to-date cookie policy detailing your use of cookies and other tracking technologies.
- Create a detailed privacy policy for your website.
CookieYes for CCPA compliance
CCPA notice
Display a location-based, and responsive CCPA notice or cookie banner with an opt-out ‘Do Not Sell My Information’ button. Personalize it with custom content, design, layout, buttons, behaviour and branding.
Cookie scanner
Scan your website periodically to identify and categorize cookies that have been newly added or deleted from your websites. The updated cookies are automatically added to the cookie audit table and cookie policy.
Auto-block third-party cookies
Auto-detect and block third-party cookies and trackers on your website until users’ give consent through the notice. Support the DNT status of users’ browser settings and automatically block tracking cookies.
Privacy policy
Create a privacy policy with detailed information about how you collect, use, share, or sell the personal information of California users.
Cookie policy
Add a dynamic, up-to-date cookie policy with a clear description of the usage of cookies and trackers on your site, how they are used, if the information is shared with third parties and how users can change their cookie preferences.
Consent record
Store and record user preferences in the consent log and export them for proof of compliance. Document users’ consent (anonymized) as well as their consent modifications or changes, if any.
Flexible integrations
Use a single dashboard, no complicated coding, and integrate cookie banners on any CMS, for all your subdomains and comply with multiple data privacy regulations such as GDPR ePrivacy Directive, CCPA, LGPD, CNIL and so on.
Geo-targeted consent
Comply with both GDPR and CCPA with a geo-targeted banner. Display CCPA notice for users in the US, (or only for California users) and GDPR cookie consent banner for EU users. Get foolproof compliance irrespective of privacy laws in place.
What is a CCPA notice?
Under CCPA, individuals have the right to be notified about how businesses collect and use their personal information. Websites should display these notices on their website.
CCPA notice at collection should inform consumers about the categories and purposes of personal information a business collects about them at or before collecting their personal information.
CCPA notice of right to opt-out should inform consumers of their right to opt-out of selling their personal information through a prominent “Do Not Sell My Personal Information” or “Do Not Sell My Info” link.
CCPA notice for cookies from CookieYes
What is a CCPA privacy policy?
CCPA privacy policy should outline information about the businesses’ collection, use, sharing and sale of personal information. It should also inform consumers about their privacy rights and how to exercise them.
The privacy policy should be available online through a conspicuous link on the business’s homepage. Websites should ensure that the privacy policy has a specific section to fulfil the CCPA requirements or should display a separate privacy policy dedicated to CCPA.
The Privacy Policy Generator from CookieYes will help you generate a privacy policy that can be customized for CCPA compliance.
CCPA compliant cookie banner from CookieYes.
Frequently asked questions
Who does CCPA apply to?
The CCPA applies to for-profit businesses that collect, shares, or sells the personal information of California residents and fit any of the following criteria:
- Has annual gross revenues over $25 million
- Possesses the personal information of 50,000 or more consumers, households, or devices
- Earns more than half of its annual revenue from selling consumers’ personal information
Read the official CCPA text here.
What is personal information of CCPA?
Personal information is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific consumer or household.
Personal data can be identifiers such as name, identification number, IP addresses, biometric information or characteristics such as race, ancestry, religion, age, sex, sexual orientation, gender, medical condition etc. CCPA maintains a broad definition of personal information but excludes de-identified/anonymized information from it.
What is the penalty for CCPA violation?
Businesses can get civil penalties of up to $7500 for each intentional violation while each unintentional can amount to a fine of up to $2500. Businesses will have a 30-days cure period to rectify violations before the Attorney General takes action.
Does CCPA apply to all states in the US?
CCPA applies to all for-profit organizations that process the information of California residents to offer goods or services. The law does not require the business to have a physical presence in California. In short, any business that deals with the personal data of California residents have to be CCPA compliant.
Does CCPA require opt-out?
The CCPA law provides consumers with the right to opt-out, i.e. the right to ask a business to stop selling their personal information. A CCPA compliant opt-out mechanism should be accessible and transparent and should not require consumers to search or scroll through a privacy policy or similar document to perform an opt-out request.
What is ‘sale’ under CCPA?
Under the CCPA, the sale of personal information occurs when a business transfers the consumers’ information to another business or third party for financial gain. The definition includes any disclosure that involves the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means”.
What is CPRA?
In November 2020, California passed the California Privacy Rights Act (CPRA) that amends and expands the provisions of CCPA. It revises and expands CCPA in key areas such as new definitions, consumer rights and a new enforcement arm – California Privacy Protection Agency (CPPA).
Does CPRA replace CCPA?
Currently, the CPRA does not repeal or replace CCPA but strengthens the existing framework. It will replace CCPA when it becomes fully effective on January 1, 2023.
Where can I find additional resources on CCPA?
Here are some links you can refer to for additional reading: