Complianz Privacy Suite

Questions about the CCPA

Mathieu

Mathieu

Categories

Popular articles

TCF for WordPress

The Transparency Consent Framework (TCF) is an initiative by IAB Europe and IAB Tech Lab to provide a platform for vendors, publishers, and consent management

Read More

TCF V2.0 release (Update)

Update: Released on October 5th 2020 Since August 15th the Transparency and Consent Framework V2.0 from IAB Europe or TCF V2 has been adapted by

Read More

Creating the Legal Hub

Have you seen our new Legal Hub? If not, have a look before reading this instruction article. We created the legal hub to centralize our

Read More
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

What rights does a Californian resident have? 

If you are a California resident, you may ask businesses to disclose what personal information they have about you and what they do with that information, to delete your personal information and not to sell your personal information. You also have the right to be notified, before or at the point businesses collect your personal information, of the types of personal information they are collecting, and what they may do with that information. Generally, businesses cannot discriminate against you for exercising your rights under the CCPA. Businesses cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.

What businesses does the CCPA apply to?

The CCPA applies to for-profit businesses that do business in California and meet any of the following:

  • Have a gross annual revenue of over $25 million;
  • Derive 50% or more of their annual revenue from selling California residents’ personal information; or
  • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices.

This also means that every website which sets publisher cookies, collects IP-addresses and/or analyzes website behavior of more than 50.000 individuals, households, or devices per year, and shares this information with a third party, should comply.​

What is the right to know?

You may request that businesses disclose to you what personal information they have collected, used, shared, or sold about you, and why they collected, used, shared, or sold that information. Specifically, you may request that businesses disclose:

  • The categories of personal information collected
  • Specific pieces of personal information collected
  • The categories of sources from which the business collected personal information
  • The purposes for which the business uses personal information
  • The categories of third parties with whom the business shares the personal information
  • The categories of information that the business sells or discloses to third parties

Businesses must provide you with this information for the 12-month period preceding your request. They must provide this information to you free of charge.

How to submit the request to know?

Businesses must designate at least two methods for you to submit your request—for example, an email address, website form, or hard copy form. One of those methods has to be a toll-free phone number and, if the business has a website, one of those methods has to be through its website. However, if a business operates exclusively online, it only needs to provide an email address for submitting requests to know.

What is the right to opt-out?

You may request that businesses stop selling your personal information (“opt-out”). With some exceptions, businesses cannot sell your personal information after they receive your opt-out request unless you later provide authorization allowing them to do so again. Businesses must wait at least 12 months before asking you to opt back into the sale of your personal information.

How to submit the opt-out request?

Businesses that sell personal information are subject to the CCPA’s requirement to provide a clear and conspicuous “Do Not Sell My Personal Information” link on their website that allows you to submit an opt-out request. Businesses cannot require you to create an account in order to submit your request.

Make sure you submit your opt-out request through the “Do Not Sell My Personal Information” link or through another method that the business designates for opt-out requests, which may be different from its normal customer service contact information. If you can’t find a business’s “Do Not Sell” link, review its privacy policy, which must include that link.

Right to non-discrimination

Businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

However, if you refuse to provide your personal information to a business or ask it to delete or stop selling your personal information, and that personal information or sale is necessary for the business to provide you with goods or services, the business may not be able to complete that transaction.

How can Complianz help?

Do you want to know how Complianz can help website developers to meet these and other legal requirements?  We have written an article about that too!

Recent articles

Subscribe