California Consumer Privacy Act
Who does the California Consumer Privacy Act apply to?
CCPA currently applies to any for-profit enterprise in California that:
- Collects, shares, or sells personal data of California consumers
- Has gross revenues exceeding $25 million or
- Holds personal information of 50,000+ households, customers, or devices.
Does the CCPA apply to businesses outside of California?
Yes, the CCPA applies to businesses outside of California only if they collect or sell personal information of California residents, conduct business in the State, and meet at least one of the following:
- Gross annual revenue exceeds $25 million
- Commercially trades personal information of 50,000+ CA residents.
Which states follow CCPA?
California is the gold standard for state privacy laws since the State has recently formulated the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Colorado and Virginia also have created comprehensive privacy laws, which will be enforced in 2023.
What are the rules of CCPA?
The CCPA requires businesses to include consumers’ privacy rights information and the procedures to exercise those rights in their privacy policies. Some rights include:
- Right to Know
- Right to Non-Discrimination
- Right to Opt-Out of Sale
- Right to Delete
What does California's CCPA provide to California consumers?
This law provides comprehensive privacy rights for California consumers, which primarily include:
- The right to know how a business collects, uses and shares personal info
- The right to delete personal information collected; exceptions exist.
What is the difference between GDPR and CCPA?
The GDPR is an EU law enacted in May 2018, and it is uniformly binding on all 27 member states. Essentially, the GDPR law oversees how websites and different corporations handle personal data, including emails, browser history, and location data of EU visitors.
On the other hand, CCPA is a state-wide privacy law in the US, empowering Californians with new rights to handle their data collected by third-party websites.
Secondly, GDPR focuses on creating a privacy-by-default framework in the EU, whereas CCPA law is about developing transparency and granting rights to Californians.
Which businesses are exempt from the CCPA data privacy law?
There are few business organizations exempt from the CCPA law even if they collect the personal data of Californians and meet the CCPA criteria. They include:
- Nonprofits: Exempted because they don’t fall under the prescribed definition of business.
- Government agencies: They are exempt because such organizations inadvertently require personal information for investigations and lawful matters. The parties exempted under this category include federal, state, and local agency bodies.
- Insurance institutions: CCPA exempts insurance institutions and their agents because they are governed by other laws, which, in this case, is California’s Insurance Information and Privacy Protection Act (IIPPA).
Is GDPR or CCPA more strict?
The GDPR is stricter since it requires users' consent before their data is collected. In contrast, CCPA requires consent only for disclosing or selling data to third parties.