Since July 1st, 2020, Californian consumers have acquired rights over their personal information. These rights include knowing what kind of information is collected, whether the information will be sold, and whether it is transferred to a third party. The reason for this is the CCPA.
CCPA is an abbreviation for The California Consumer Privacy Act. It has been underway for a long time, but in June 2018, the law was signed by the Governor of California, Jerry Brown. Since the beginning, the law has been met with strong opposition. Big Silicon Valley tech companies were so against the CCPA that they began a major lobbying effort to change its content.
Continue reading for a short guide on CCPA compliance.
What is the CCPA?
The CCPA is built on two major principles: the right to say no and the right to know. With this law, users gain the right to know what happens to their personal information, e.g., what kind of information is collected and whether it is shared with third parties. Users also gain the right to get their information deleted and to decide whether their information can be sold.
Who is affected by the CCPA?
The law applies to for-profit companies that operate and do business in the state of California. In addition, one or more of the following thresholds must be met:
- Collects, shares, or sells personal information from citizens based in The Golden State
- Has a gross revenue surpassing $25 million
- Earns more than 50% of its annual income from selling personal information from California-based citizens
What are the penalties for non-compliance?
The fine for violating the CCPA is up to $750 per affected consumer. Each violation case will be assessed individually, making it impossible to know the exact size of the fine beforehand.
The court will look at the following factors when deciding the size of the fine:
- The overall case
- Numbers of consumers involved
- Timeframe of the offence
- The specific data involved in the case, e.g., how sensitive it is
What is the difference between CCPA and the European GDPR?
The GDPR, an abbreviation of General Data Protection Regulation, is similar to (but fundamentally different from) the CCPA in that it controls the data handling of organizations targeting European consumers. The GDPR is more comprehensive than the CCPA, and the former is relevant for businesses targeting EU-based consumers.
Some of the main differences between the GDPR and the CCPA are as follows:
- The GDPR protects data subjects while the CCPA protects residents
- The GDPR protects any data subject so long as they are in the EU when the data collection happens. Meanwhile, the CCPA only protects Californian residents.
- GDPR fines for non-compliance tend to be much higher than those issued for non-compliance with the CCPA