The California Consumer Protection Act (CCPA) came into effect on the 1st of January 2020. But worry not, marketers still have time to prepare as this law will be enforced from the 1st of July 2020.
Any company wanting to operate in California will need to abide by this law, regardless of its geographical location.
The CCPA aims to put greater restrictions around how companies collect and use data, similar to Europe’s General Data Protection Regulation (GDPR), although the laws are not exactly the same.
The California law forces companies to reveal the data they collect. Broken down, the principle intentions of the Act are to provide California residents with the right to:
- Know what personal data is being collected on them
- Know whether their personal data is sold or disclosed and to whom
- Say no to the sale of personal data
- Access their personal data
- Request a business to delete any personal information about a consumer collected from that consumer
- Not be discriminated against for exercising their privacy rights
The law will also control how data can be used for online ads.
Therefore, the key difference between the GDPR and the CCPA is that while the GDPR focuses on the actual person, the CCPA focuses on the data itself.
The CCPA applies to any business, including any for-profit entity, that collects consumers’ personal data, which does business in California and meets the following criteria:
- Earns more than $25 million gross revenue
- Collects data on more than 50,000 people, or for which selling consumer data accounts for more than 50% of revenue
The CCPA also applies to any business that controls or is controlled by an entity that meets one of the above criteria. Further reading on this important new law can be found here: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act