The California Consumer Privacy Act (CCPA), effective since January 1, 2020, and expanded by the 2023 CPRA, grants California residents significant control over their personal data. It forces businesses to provide transparency about data collection and enables consumers to access, delete, and opt-out of the sale or sharing of their information. Key Aspects of the CCPA: Who it Protects: California residents (consumers). What it Covers: "Personal Information" defined broadly, including names, IP addresses, biometric data, geolocation, and purchasing history. Which Businesses Must Comply:... Show more The California Consumer Privacy Act (CCPA), effective since January 1, 2020, and expanded by the 2023 CPRA, grants California residents significant control over their personal data. It forces businesses to provide transparency about data collection and enables consumers to access, delete, and opt-out of the sale or sharing of their information. Key Aspects of the CCPA: Who it Protects: California residents (consumers). What it Covers: "Personal Information" defined broadly, including names, IP addresses, biometric data, geolocation, and purchasing history. Which Businesses Must Comply: For-profit businesses that collect California residents' data, do business in California, and satisfy one of the following: Annual gross revenue over $25 million. Buy/sell/share the personal information of 100,000+ California residents or households. Derive 50% or more of annual revenue from selling/sharing personal information. Core Consumer Rights: Right to Know: Consumers can request information about what personal data is collected, used, shared, or sold. Right to Delete: Consumers can request the deletion of their personal information, subject to certain exceptions. Right to Opt-Out: Consumers can opt-out of the sale or sharing of their personal information to third parties. Right to Non-Discrimination: Businesses cannot deny goods/services or charge different prices to consumers exercising their privacy rights. Right to Correct: Amended to allow consumers to correct inaccurate personal information. Business Obligations: Privacy Notices: Businesses must inform consumers at or before the point of collection about the types of data collected and its purpose. "Do Not Sell" Link: A clear link must be provided on the business website for opting out. Compliance Timeline: Businesses must respond to requests within 45 days. Violations can lead to civil penalties enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. Show less
The California Consumer Privacy Act (CCPA), effective since January 1, 2020, and expanded by the 2023 CPRA, grants California residents significant control over their personal data. It forces businesses to provide transparency about data collection and enables consumers to access, delete, and opt-out of the sale or sharing of their information.
Key Aspects of the CCPA: Who it Protects: California residents (consumers). What it Covers: "Personal Information" defined broadly, including names, IP addresses, biometric data, geolocation, and purchasing history. Which Businesses Must Comply: For-profit businesses that collect California residents' data, do business in California, and satisfy one of the following: Annual gross revenue over $25 million. Buy/sell/share the personal information of 100,000+ California residents or households. Derive 50% or more of annual revenue from selling/sharing personal information.
Core Consumer Rights: Right to Know: Consumers can request information about what personal data is collected, used, shared, or sold. Right to Delete: Consumers can request the deletion of their personal information, subject to certain exceptions. Right to Opt-Out: Consumers can opt-out of the sale or sharing of their personal information to third parties. Right to Non-Discrimination: Businesses cannot deny goods/services or charge different prices to consumers exercising their privacy rights. Right to Correct: Amended to allow consumers to correct inaccurate personal information.
Business Obligations: Privacy Notices: Businesses must inform consumers at or before the point of collection about the types of data collected and its purpose. "Do Not Sell" Link: A clear link must be provided on the business website for opting out. Compliance Timeline: Businesses must respond to requests within 45 days.
Violations can lead to civil penalties enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.