The California Consumer Privacy Act (CCPA) became effective on January 1, 2020 and enforcement by the Attorney General is scheduled to start on July 1, 2020? Do your business practices, and most importantly, your website, comply?
The CCPA created new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It requires the Attorney General to solicit broad public participation and adopt regulations to
further the CCPA’s purposes. The proposed regulations, expected to be published before July 1, 2020, will establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses on how to comply.
There is no specific language required by the CCPA, at least not yet, but it requires the owner to disclose its particular data collection, sharing and privacy policies. The CCPA also requires certain disclosures and a clear way to immediately
opt-out. The language of the disclosures on a website will vary if the website also solicits or receives traffic from the EU as the EU has additional requirements.
A suggestion by many website designers is a pop-up disclaimer, such as:
This website or its third-party tools process personal data (e.g. browsing data or IP addresses) and use cookies or other identifiers, which are necessary for its functioning and required to achieve the purposes illustrated in the cookie policy. In case of sale of your personal information, you may opt-out by using link “Do Not Sell My Personal Information”. To find out more about the categories of personal information collected and the purposes for which such information will be used, please refer to our “Privacy Policy”. You accept the use of cookies or other identifiers by closing or dismissing this notice, by clicking a link or button or by continuing to browse otherwise.
The CCPA requires that there be the ability to code the links to act to permit opt-out and that there be a Privacy Policy linked with terms of service. There are many internet solutions that will set this up for you, such as https://www.iubenda.com/en/ that provide the code and programming solutions necessary to integrate CCPA disclosures as well as EU compliance.
As far as the law around such disclosures, businesses are required to disclose data collection and to implement a method of receiving consent or facilitating its withdrawal. Failure to adhere to these laws can result in hefty fines, lead to litigation and negatively affect the credibility of the website or app.
If you operate a website you or your service provider likely gather data. It does not matter if you never use it. The CCPA is likely to apply. Make sure you can comply with a compliant website developer and oversight by your business legal counsel.
The information presented is not intended to be, and does not constitute, “legal advice.” Because each situation varies, and only brief summary information is provided here, you should not use this information as a basis for action unless you have independently verified with your own counsel that it applies to your particular situation.
Leave a Reply