03.30.20

How does California’s CCPA Law affect your company?

By John Winter

Tracking a users’ online behaviour and history is common practice in the digital marketing world.  It still sounds a bit ‘Big Brother’ but as users we’ve come to expect it and when implemented responsibly, we agree in the benefits it provides.

In simple terms, we are looking for permission to collect user data and share this data across platforms to provide a better user experience.

On January 1st 2020, California enacted it’s new Consumer Privacy Act (known as the CCPA), essentially California’s version of EU’s GDPR (General Data Protection Regulation).

You may remember back in 2018 a significant number of European websites placed notices on their homepages to let visitors know that their site collects and shares their data, that was one of the effects of GDPR.

So, what does all this mean to Digital Marketing Teams?

Do I need to drop everything?

No, while the law came into effect on January 1st 2020, however, it will not be enforced until July 2020.

Does it apply to every business?

No, the law applies to for-profit companies that do business in California that shares consumer data of more than 50,000 people, or produced revenue of more than $25 million in the previous year.

Do I need to alter our website(s) and app(s) for just California?

CCPA applies to anyone that collects data of California residents (even if they are out of state).

What do I need to do to be compliant with CCPA?

CCPA mandates that websites / apps provide a mechanism to opt-out of data collection as well as enhance their privacy policy.   Our general recommendation is to roll out updates to your site for all USA users.

What’s the penalty for non-compliance with CCPA?

There’re of course fines and the real chance that they are significant fines.  If a case is brought against your company and you continue to remain non-compliant after 30 days upon being notified, it’s expected that a fine of $7500 per violation will be administered.  

While that sounds like a relatively small number, imagine you’ve 100,000 visitors to your website per month, $7500 X 100,000 would be a staggering amount.

We’re GDPA compliant, are we OK?

No, it’s not safe to make this assumption.   It does, however mean that you’ve likely implemented some of the key features of GDPR, you’re on your way to meeting the requirements of CCPA, and the updates required to get your website compliant are more straight-forward.

Are my digital marketing efforts going to be impacted?

No, absolutely not, sure there’s going to be some users that will opt of our data collection, but it’s worth noting that over 95% of consumers in Europe have not opted out of data collection.

CCPA doesn’t restrict anyone from selling any data collected either; it just means that users legally have the right to opt out of the collection and selling of data.

What’s my next step?

We’re already executing minor web enhancements for our USA and Global customers to implement small changes to incorporate changes for CCPA. Contact us and we’ll happily review with your teams if your business falls under CCPA and provide an estimate to get your website updated and compliant.