What is CCPA?

Last Update: December 20, 2019

CCPA stands for the California Consumer Online Privacy Act, also known as California's GDPR.

It is a Californian privacy law that goes into effect on January 1st, 2020, and it enhances the privacy rights of consumers from California in the USA.

The law imposes new requirements on businesses serving consumers from California. One of them must be a notice of collection, with an opt-out link: a "Do Not Sell My Personal Information" (DNSMPI) link.

It is best to use a plugin that detects the location of your visitor and displays a GDPR or CCPA message accordingly. With all those rules, our starting screens get overcrowded, no?

Thank you for reading, liking, comments and shares

What is your solution?

I am using a cookie notice plugin, which has a "no" option.
But that is not enough...

PS (added as it goes):

For legal info, look here: https://www.iubenda.com/en/
And here: https://www.cookiepro.com/

For plugins, look here:
https://wordpress.org/plugins/search/Ccpa/

Do not miss this:
https://www.awin.com/us/news-and-events/gdpr/awin-and-the-ca...


Do not miss Kyle's featured answer, nor the tips given by many members for plugins either!

Kyle Premium Featured Comment
If you are following GDPR, there is a good chance that you are already following the regulations under CCPA.

This is to help the US be able to enforce privacy regulations and it was easier for them to implement this on a "state" level, instead of trying to deal with the political and very much divided nature of the current Congress (to get it done at a federal level).

It certainly is not room for panic, these policies are geared towards larger sites that are collecting data and using it for advertising and other monetary gain (think Facebook, Google, etc).

We will have much more to say on this and other privacy related situations as we head into the new year, and we sit down with some of the "in the know" internet & media lawyers across the world (which we do in the first quarter of every year).
Reply
ExpatMark Premium
Thanks Kyle. I am glad I am moving 6200 miles from California. I hope that is enough to distance me from such BS.
Reply
Fleeky Premium
Thank you Kyle
❤️
Reply
JeannineC Premium
It's only enough distance if no one from California ever visits your site. If you get even one visitor - wham, bam, you have nexus.
Reply
laparra1 Premium
p.s. Fleeky we found this on Wikipedia. I do not fall into any of the 3 mentioned categories.

The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of the following thresholds:

Has annual gross revenues in excess of $25 million;
Buys or sells the personal information of 50,000 or more consumers or households; or
Earns more than half of its annual revenue from selling consumers' personal information.[10]
Organizations are required to "implement and maintain reasonable security procedures and practices"[11] in protecting consumer data.

https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act

Hasta Pronto, Taetske
Reply
Fleeky Premium
Great add Taetske!
You are an awesome ambassador!

Takes off a lot of stress, doesn't it?

❤️
Reply
laparra1 Premium
Yes, it does. Michael even found the complete law and read it. On Wikipedia, it is in a short version.

Hasta Pronto, Taetske
Reply
JeannineC Premium
The definition you quote above is only the one that defines a business under the CCPA. There are four other categories which must be considered.

If you collect email addresses, then you are liable. You must have a "Do Not Sell My Personal Information" link on any page inviting anyone to provide their email address, and you must immediately respond and comply with all requests.

If you work with any merchants at all, you also are considered a conduit to their sites, so you need to make sure that those sites are compliant.

While I can't speak for other networks, I can verify that the merchants on http://Awin.com or http://ShareASale.com are CCPA compliant, so it is safe to work with all of ours.
Reply
JeannineC Premium
Sorry, but just reading the law is never going to give you the full information.

Once a law is passed, the next step is interpretation. That's where things start getting complicated. Awin has already been working with California officials, reviewing the interpretations which have been released so far. That's why we could provide the blog post we did, and will continue to update as things evolve.

There's so much information involved, so many individual situations, that Wikipedia couldn't possibly do them all unless they have a lawyer who specializes in this area writing the post. (We have several lawyers on staff who only work with things like this.) Wikipedia is okay for general knowledge, but don't risk your business based on what you read on there and try to interpret without guidance.
Reply
laparra1 Premium
Good afternoon Jeannine,

Thank you for this information.
I do not make money with my websites. I do not collect data for email lists and I only write posts on things of my interest. That is why I think this does not apply to me, do you think I am wrong?

Greetings from the south of Spain,

Taetske
Reply
Fleeky Premium
Thank you Jeannine!

Would this also apply to non business, just benevolent?
Reply
laparra1 Premium
No, I do not collect email addresses for a mailing list.
But when somebody leaves a comment there is an email, only visible to me.
The few merchants I use like Amazon and ShareASale are ok as you said.
Thank you for your information.

All the best, Taetske
Reply
JeannineC Premium
You must be able to prove that you do absolutely nothing with those emails. Plus you must provide a way for those people to be completely forgotten - where you can remove their email from anything you have. Seeing those emails is enough to subject you to the CCPA. It's possible that your comment processor will have something, but California would say it is your responsibility to ensure that it is available somehow.

Also I said Awin and ShareASale, not Amazon. I have no idea what Amazon is doing to meet compliance requirements.
Reply
JeannineC Premium
Based on the discussions I've attended on the subject, being a business or not doesn't matter if you collect any type of personally identifiable information. If you get an email or have a way to identify anyone in any way, then you are subject to CCPA.
Reply
cramervod Premium
Everyone with an email account gets email addresses, how would that qualify for the opt-out?
Reply
Feochadan Premium
Frankly, this is only CALIFORNIA law and most of us do not live there so it's completely inapplicable. Plus lawyers are not going to come after small fry bloggers - they are going for the companies with the big bucks.
Reply
JeannineC Premium
Doesn't matter if you live in California or not. If someone from California visits your site and interacts so that you have any type of personal information, nexus is established and you are subject to CCPA laws.

This isn't necessarily the lawyers who will come after you. It's the state of California, and they love to make examples of businesses of all sizes to strike fear into the hearts of everyone. The fines start off small, then go up from there. But "small" could easily be big for smaller sites. Best to be compliant.
Reply
JeannineC Premium
Not sure about your question, but it's the collection of emails of others that's the issue here. That's personally identifiable information, and that's what the CCPA is out to fiercely protect.
Reply
cramervod Premium
What I was saying is that even as a citizen you collect personal information. No matter how you look at it there isn't any true way to prevent other people to keep your data safe.

I am simply trying to understand how these privacy laws are supposed to work since there isn't a "real" way to deter others from this kind of thing.

So, how does it work if I was a person with a list who didn't have a website and did everything on social media or from looking at other people's lists?

Would it all come from the tax forms or where would it be checked?
Reply
Fleeky Premium
Perhaps it would be good to apply the rules not only to merchants but also to affiliates...
Reply
JeannineC Premium
As networks, both Awin and ShareASale have updated their Publisher Terms & Conditions which publishers must accept to work within the interface.

Can't speak about any of the other networks, but we are indeed applying it to publishers as appropriate as well.
Reply
Fleeky Premium
Yes... I noticed.
❤️💪
Reply
Fleeky Premium
When it comes to mailing lists, is it not so that programs like aweber and others need to provide that solution? Unless you use your own database?

Thank you for your guidance
Reply
JeannineC Premium
You must make sure that it is available on your site as well. It can't only be in the email they receive.
Reply
JeannineC Premium
Social media happens online - bang, you have nexus under the CCPA.

California will develop a variety of methods to investigate sites as time goes on. Originally they will respond primarily to complaints from people who couldn't be "forgotten" or opt out of a list or some of the other aspects of this law.

Remember, interpretation is the big part, and that has barely begun. Time will be able to answer your questions better than I can right now, because even California doesn't know yet. But you can indeed count on them to be fierce when it comes to this, because as a state they love doing stuff like that.
Reply
Fleeky Premium
Thank you!
✨🥰
Reply
laparra1 Premium
Good afternoon Fleeky,

My head is spinning with all these new things, not funny.
This afternoon we will try those 2 different plugins for disabled people. Then we can compare the 2 websites, I will let you know.
I will pass on your post to the technical department here in the house, let's see what he says.

Greetings from the south of Spain,

Taetske
Reply
Fleeky Premium
Lol!

Let that not disturb you!
🥰😝
Reply
Jose-Perez Premium
I was part of the compliance team in a California bank that was implementing procedures to meet this requirement. Banks will have to spend tons of money to comply with this unnecessary law. Companies already have to comply with essentially identical Federal laws GLBA and Regulation P. But California is determined to be an obstacle for businesses.

Anyhow, I use this plugin "Complianz | GDPR Cookie Consent", but to comply with CCPA you need the premium version. I haven’t switched to premium yet. I am considering it.

Jose
Reply
Fleeky Premium
Thank you José for your valuable insights...
And for sharing a plugin that does both GDPR and CCPA
Reply
1Summer Premium
Oh that's great! Can you imagine if every single state jumped on this bandwagon...

When you read about all the drug addiction/homelessness/rapes/murders/lawlessness etc., going on in the state, you would think they have more important issues to worry about...

I mean what's really behind this? It seems that the more "privacy" laws there are, the less privacy there is...

Thanks for bringing this to our attention Fleeky, so I guess we have to add yet another plugin or else...what's the penalty?
Reply
Fleeky Premium
Yes... a nightmare... and the small ones get robbed once again from referrals...

Two plugins indeed
They cover different aspects

Do not miss this
https://www.awin.com/us/news-and-events/gdpr/awin-and-the-california-consumer-privacy-act
Reply
1Summer Premium
Thank you Fleeky...Merry Christmas and Happy New Year to you!
Reply
Fleeky Premium
Same for you!
Reply
JeannineC Premium
Other states already have their individual legislation in the works. And, while it is often patterned after California, each one is different. The nightmare is just beginning.
Reply