Who Is Covered by CCPA and What Does it Require?

By | July 1, 2021

The California Consumer Privacy Act (CCPA) gives consumers more control over the personal information that businesses gather about them as well as gives guidance on how to implement the law. CCPA advocates for companies in the United States of America to do more than just update their privacy policies. For more information, visit ethyca.com/about-consent-management/.

Regulations such as California Consumer Privacy Act codify consent in personal data processing. For several privacy regulations worldwide explicit consent from the user is required to process their data. For example, when processing personal data for customer service for marketing one might need separate consent questions for each of the questions and the users must be informed what each of those questions entails. The data flow collect should reflect and respect the user’s preferences.

California’s CCPA has embedded consent into the sale of personal data. For example, a business may want to sell user site data to an advertiser to present more relevant advertisements to the user. For the business to do that it must disclose those plans to Californian’s giving them the option to withhold their consent.

CCPA satisfies the consent requirements when the users opt-out or explicitly withholds their consent otherwise the data processing continues. This framework will still require that the users receive clear information about the business. However, when it comes to processing children’s personal information, the business will only satisfy consent requirements if the user opts in the processing.

Who is covered and/or affected by CCPA?

The requirements of CCPA affect a lot of businesses that leverage a wide range of personal data that is connected to the California residents, their devices, and households.

CCPA applies to any for-profit organization doing business in California that collects, shares, or sells the data of California’s consumers. CCPA also applies when:

  1. The organization or business entity earns more than half of its annual revenue from selling consumers’ personal information.
  2. The business has annual gross revenues that are more than $25 million.
  3. The business has the personal information of 50,000 or more consumers, devices, or households.

If a business has personal information from California’s residents and meets the above criteria, it is subject to CCPA.

CCPA will also apply to an entity that is owned by or shares common branding with a coved business.

CCPA requires businesses to:

  1. Treat their customers equally on price and services whether or not they have exercised their rights under the law.
  2. Disclose to their consumers that they share or sell personal information.
  3. Add a toll-free phone number for consumer requests.
  4. Include a “Do Not Sell My Personal Information” option on their websites.
  5. Affirmatively collect consent to sell data from any consumer under the age of 16 or their parents or guardians.

With consent management, it empowers users to understand and exercise their data rights and can make your brand stand out as a champion for user privacy. A business should understand user consent throughout its data flow which is crucial to privacy compliance.