California Consumer Privacy Act (CCPA)

5 minute read

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including:

  • The right to know about the personal information a business collects about them and how it is used and shared;
  • The right to delete personal information collected from them (with some exceptions);
  • The right to opt-out of the sale of their personal information; and
  • The right to non-discrimination for exercising their CCPA rights.
    Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
  • California Consumer Privacy Act of 2018 (IAPP) The IAPP created this html version of the CCPA in order to provide a way to easily link to specific sections when referring to them in our articles. Please feel free to use the following method to do the same. To link to specific sections, links can be copied from the table of contents.
  • California Consumer Privacy Act - (ccpa-info) Section headings have been added for convenience and are not a part of the official text. The statute reflects amendments passed in 2019. A summary of those amendments can be found on the Amendments page.
  • California Consumer Privacy Act (ABA) It is obvious to even the most tech illiterate by now that regulations over data are becoming more onerous and intrusive against what was more of a wild west type scenario in the early days of data sharing. The latest proof of this is in the newly enacted General Data Protection Regulation (GDPR) in the European Union effective on May 25, 2018 (it happens to be my birthday), and in the shadow of the pending U.S. Encrypt Act, and the most recent state’s effort to tighten the data screws for which the poster child currently is California’s new regulation, California Consumer Privacy Act (CCPA) that sets the bar higher than ever before for U.S. companies regarding data privacy regulation. If the bill comes into law in its present form, which this author believes it will not, then companies doing business in the U.S. will require almost the same data privacy controls and capabilities that multinationals need to do business in the European Union require today with some rather ideological exceptions. As always, “failure to protect the data” signals the same need GDPR has for end-to-end encryption, portability, conformity, and data residency.


  • What is the California Consumer Privacy Act (CCPA)?

    GDPR was implemented on May 25, 2018 to standardize the data protection law across all 28 European Union (EU) countries. It requires businesses to protect consumers’ personal data for transactions that occur within the EU and affects any US business that operates in the EU.
    Unlike GDPR, CCPA only applies to businesses in the state of California, not the European Union. CCPA also focuses on selling personal information for profit, whereas GDPR focuses on data ownership and rights of deletion.



  • IAB Releases the IAB CCPA Compliance Framework for Publishers & Technology Companies and the Limited Service Provider Agreement

    In an ongoing effort to promote the principles of transparency, accountability, and choice that are the basis of the California Consumer Privacy Act, today we are releasing version 1.0 of the IAB CCPA Compliance Framework for Publishers & Technology Companies, as well as the accompanying Limited Services Provider Agreement. The release of these two documents accompanies the IAB Tech Lab’s release of version 1 of the technical specifications of CCPA-related signals earlier this month.

  • IAB CCPA Compliance Framework for Publishers & Technology Companies

    The California Consumer Privacy Act (CCPA) was enacted to provide California consumers with greater transparency and control over their personal information. In many ways, the CCPA is a first of its kind law in the United States: an omnibus statute that seeks to create broad privacy and data protection rules that apply to all industries doing business in one jurisdiction, California, rather than focusing on a single sector or specific data collection and use practices. The CCPA was created in response to changing public perceptions. Users, rightfully, want to understand and have the option to exercise control over their own data.

  • Integration with IAB CCPA Framework Technical Specifications

    Google is not currently a signatory to the IAB Privacy’s Limited Service Provider Contract. We have however integrated with the IAB CCPA Framework v1.0 Technical Specifications in Authorized Buyers as detailed below.



  • The California Privacy Rights Act of 2020
  • California Privacy Rights and Enforcement Act is passed by voter ballot - PwC

    CPRA builds upon the California Consumer Privacy Act of 2018 (CCPA) to strengthen consumers’ privacy rights.
    California consumers have new rights:

    • to correct their personal data
    • opt out of proximate geolocation tracking
    • browse without pop-ups
      Companies must:
    • minimize their retention of Californians’ personal data
    • further restrict collection and use of sensitive personal data
    • provide consumers greater transparency around “profiling” and “automated decision-making”
    • regularly assess high-risk data processors
      CPRA applies to personal information collected after January 1, 2022, and comes in force on January 1, 2023.

Comments by Staticman and Identosphere

Leave a Comment

Your email address will not be published. Required fields are marked *