The California Consumer Privacy Act (CCPA) is a landmark privacy law that enhances the rights of California residents and imposes responsibilities on businesses regarding the collection, use, and sharing of personal data. Enacted in 2018 and effective since January 1, 2020, the CCPA gives consumers more control over their personal information and introduces new data transparency requirements for businesses.
What is CCPA?
The CCPA is a state-level data privacy law that grants California residents specific rights concerning their personal data and obligates businesses to operate with greater transparency. It aims to provide consumers with the ability to:
- Know what personal information is collected,
- Understand how it is used or shared,
- Opt out of the sale of their data,
- And request deletion of their information.
The CCPA was amended and expanded by the California Privacy Rights Act (CPRA), which came into effect on January 1, 2023, strengthening consumer rights and enforcement mechanisms
Who does the CCPA apply to?
The CCPA applies to for-profit businesses that collect personal data from California residents and meet at least one of the following criteria:
- Annual gross revenue of over $25 million,
- Buys, sells, or shares personal information of 100,000 or more consumers, households, or devices,
- Derives 50% or more of annual revenue from selling consumers’ personal information.
Importantly, CCPA compliance is required regardless of where the business is physically located, as long as it deals with California consumers.
What are consumer rights under CCPA?
The CCPA provides California residents with the following rights:
- Right to know – Consumers can request details about the personal data a business collects, uses, or discloses.
- Right to delete – Consumers can request deletion of their personal information, with some exceptions.
- Right to opt out – Consumers can opt out of the sale of their personal data.
- Right to non-discrimination – Consumers have the right not to be discriminated against for exercising their CCPA rights.
- Right to correct – (Added by CPRA) Consumers can request correction of inaccurate personal information.
What are the penalties for non-compliance with the CCPA?
Businesses that fail to comply with the CCPA may face:
- Civil penalties of up to $2,500 per violation or $7,500 per intentional violation.
- Private lawsuits in the event of a data breach involving unencrypted personal data.
- Investigations and enforcement actions by the California Privacy Protection Agency (CPPA), the independent body established by the CPRA.
Does the CCPA apply only in California?
While the CCPA is a California law, it applies to any business that processes the data of California residents and meets the applicability thresholds—regardless of where the business operates. Therefore, businesses located outside California, or even outside the U.S., must comply if they serve or monitor California-based consumers.
How does Consentise help with CCPA compliance?
Consentise enables businesses to align with CCPA and CPRA requirements by:
- Offering a fully customizable “Do Not Sell or Share My Personal Information” link, as required by law.
- Providing clear and granular consent banners, allowing users to control how their data is used.
- Respecting user preferences across sessions and devices, ensuring consistent enforcement.
- Logging and storing consent records to support audit trails and legal compliance.
- Supporting opt-out mechanisms and consumer rights requests through seamless integrations.
By using Consentise, your organization takes an important step in building transparency and earning consumer trust while staying compliant with California’s data privacy laws.