On January 1st, 2020, the CCPA came into effect. The CCPA, for those not familiar, is the California Consumer Privacy Act.
This act, which technically only impacts residents of California, appears to be applied nationally by many sites.
What Is The CCPA?
The CCPA is an act passed in June 2018 that basically requires all websites that collect data and sell that data to 3rd parties, via tracking cookies or other methods, to provide an option for users to not have such data collected and/or sold.
It’s received significant push-back from companies either challenging it directly, or pressing for a federal law to override it, but as of yesterday it’s in place with no workarounds in sight.
Overall, the law simply puts the ownership of a person’s data into their own hands, which is generally a good thing.
A drawback to it is the cost to businesses that may need this revenue to exist. This wouldn’t be as large a problem if we all didn’t want everything free, but if the sites need to put up a paywall to recover the lost revenue, many will go broke.
That of course would require a large number of people to even know to use it. It’ll be interesting to see the rates of use as they are made available.
How To Opt Out
Assuming you don’t want your data sold to third parties, if you look to the footer of compliant sites and you’re in California (for companies sticking to the letter of the law; many are just pushing out the change across the US) you’ll find a link that looks like:
Clicking this link will open up a screen that allows consumers to select what type of data can be collected by third parties:
Are You CCPA Compliant?
Compliance with this new law is critical for businesses impacted as the penalties could be significant.
Currently there is a little ambiguity as to how the fines will be applied. An intentional violation would cost $7500 per incident, and an unintentional one $2500.
As the folks at Clarity In Privacy point out, however, those fines don’t actually make it worth the effort, and so it seems likely that each consumer impacted will be considered an incident. If that’s the case (and I suspect it will be) then the costs could easily be in the many millions.
How To Get CCPA Compliant
I’m only here to inform you as to what’s happening. This is not my area of expertise, nor do I want it to be.
I cannot recommend enough contacting your web developers and lawyers to ensure you comply with all necessary laws, if you haven’t done so already.
That said, there does appear to be a decent checklist/guide at https://ccpacompliancechecklist.com/ that should help you understand whether the law applies to you, i.e. if you:
- Earn revenues greater than $25 million.
- Buy, receive, sell or share the personal information of 50,000 or more consumers, households or devices for commercial purposes.
- Derive 50 percent of annual revenues from selling consumers’ personal information.
It does appear thorough, but not as thorough as your lawyer would likely be, and you may not even know what you’re collecting, which is why I suggest talking to your developers or another expert.