Watch Roq.ad Webinar: Navigating a Rapidly Changing US Digital Advertising Landscape
Our Blog See all posts Watch Roq.ad Webinar: Navigating a Rapidly Changing US Digital Advertising Landscape On May 17 we streamed live Webinar with Kurt
Partnerships Director / Roq.ad
CCPA was introduced in the State of California back in 2018 to enhance privacy rights and consumer protection for all of its residents. And the first thing you have to know about it is that only California residents have rights under the CCPA and no one else. If you are interested in the content of this act, you can view it online.
Generally speaking, the California Consumer Privacy Act gives consumers more control over their personal information. Additionally, CCPA provides information on how this legal act ought to be implemented and by whom (we’ll talk about that in a few moments).
There are four fundamental rights that every California consumer can exercise if needed:
Moreover, businesses must provide transparent information about these issues and offer consumers the possibility to opt out. But there’s more. Any California resident can ask a given company to disclose personal information about them, explain what it does with it, and even delete it if they feel it is necessary. Each consumer also has the right to know what kinds of personal data a specific company gathers and processes.
In general, it’s everything that can identify you (or your household) as a specific person. We deal with personal data even when a given piece of information can be related or linked to a specific customer. So in practice, personal data, as CCPA understands it, involves the following:
It’s also personal information if it could be used to create a detailed profile about your preferences and characteristics. On the other hand, everything that’s publicly available from federal or local records does not constitute personal information under CCPA.
CCPA is very specific about what kinds of companies and organizations need to stick to it. It applies to all the businesses operating in California that:
If your company meets at least one of these conditions, you need to operate under CCPA.
Of course, a data breach can happen at any time. However, consumers cannot use just any data breach to sue a company. There is a whole list of conditions that need to be met. Consumers can file a lawsuit only if their full name was stolen in combination with at least one of the following:
Furthermore, all of that information must have been stolen in a non-encrypted and non-redacted form. All in all, it’s rather unlikely for such a massive and uncontrolled data breach to happen.
By this short term, we mean the request to stop selling your personal information. There are some exceptions, but once a company receives such a request from you, it needs to stop selling your information immediately (unless, of course, you authorize it to do so again in the future). Under this law, businesses operating in California need to provide a transparent “Do not sell my personal information” link directly on their website. It has to contain a form enabling any person to submit (unconditionally) an opt-out request.
If you want to know more about CCPA, take a look at this government website. Lastly, let’s take a closer look at the difference between CCPA and GDPR. There are some important points that need to be discussed.
If you’ve never heard of GDPR, that means you live and work outside the European Union. The General Data Protection Regulation was introduced back in 2016, and it is a legal framework that sets all the necessary guidelines and regulations concerning processing personal data coming from individuals living and working in the European Union.
When compared to CCPA, GDPR is a much more complex and broader privacy protection law. In short, the main rule in GDPR is called “privacy by default,” and it means that for a European company to process personal data, it needs to have prior consent from a specific person. Under GDPR, Europeans have a whole range of rights, including the right to access, erase, and modify their personal information. Furthermore, they almost always have the right to withdraw their consent to process personal data. CCPA is, without a doubt, a more specific law.
Let’s go further. GDPR provides six legal reasons to process personal data, whereas CCPA doesn’t give any. This means that businesses in California can process personal data in whatever way they want and for whatever purpose they want. All they have to do is provide the opt-out procedure.
Secondly, GDPR protects any consumer who is in the European Union at the time of collection or processing (they don’t have to be residents of the EU). On the other hand, CCPA only protects California residents.
Another difference – CCPA deals with personal information that identifies, relates to, describes, or links with a consumer or household. GDPR deals with any personal data of an individual but does not include households. Only anonymized data is exempt.
And the last thing that needs mentioning is penalties. Both legal acts set penalties for practices that go against their guidelines. However, the European regulation is much stricter here. The penalty can go up to 4% of the company’s global annual turnover (or up to 20 million EUR). When it comes to CCPA, there is a maximum penalty of just 2,500 USD per violation (or 7,500 USD in case of international breaches).
Thank you for reading. If you have any questions about CCPA, GDPR, identity resolution or data onboarding, you can find me on LinkedIn.