The California Consumer Privacy Act (CCPA) comes into effect on January 1, 2020 and may affect how your website is allowed to handle the personal information of Californians.
CCPA is a regulation similar to Europe's General Data Protection Regulation.
Accoring to Adexchanger, the California attorney general’s office recenlty published the first draft of its implementation regulations for the California Consumer Privacy Act.
Said California AG Xavier Becerra, "Our personal data is what powers today’s data-driven economy and the wealth it generates, It’s time we had control over the use of our personal data – that includes keeping it private."
The transfer of personal information to a third party always counts as a sale according to CCPA
There are difference between third party and service providers. Service providers don't have to deal with data access and deletion requests.
The main tenet of CCPA is that consumers have the right to opt out of the sale of their personal information.
Sale under CCPA means: selling, renting, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or third party for monetary or other valuable consideration.
CCPA Terms: Household: a person or group of people; Third parties: any entities that don't collect personal information from consumers directly.
Companies are required to notify consumers, either at or before the time of collection, what categories of personal data will be collected and how the data will be used.
Companies that sell personal information need to include a button on any webpages collecting personal data titled "Do Not Sell My Personal Information" or "Do Not Sell My Info" that links to the notice.
Companies should provide a two-step process for online deletion requests in which consumers must separately confirm that they really do want their data deleted.
Companies can comply with deletion requests by "permanently and completely" erasing the personal information on its existing systems, by de-identifying the data or by aggregating it so that it’s no longer identifiable to an individual.
Business should setup a CCPA Consent Management system like GDPR consent manager prepare for the up coming law.
EU Privacy Campaign Group filed a batch of warnings to websites with non-compliant cookie banners
Spain: Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022
Czech Republic: the half year cookie compliance monitoring report from Czech DPA
TikTok: EU DPAs warn TikTok following announcement on the legal basis for targeted advertising
UK GDPR: UK may remove the need for cookie banner pop-ups for low risk activities
IAB Tech Lab released Global Privacy Platform (GPP) specifications