CookieConfig
Log inSign up
Back to Documentation

CCPA Compliance

California Consumer Privacy Act (United States)

What is CCPA?

The California Consumer Privacy Act (CCPA) is a state-level data privacy law that gives California residents rights over their personal information and how it's used, including data collected through cookies and tracking technologies.

Key Requirements

  • Notice: Inform users about data collection practices
  • Opt-out right: Users can opt out of the "sale" of personal information
  • "Do Not Sell My Personal Information" opt-out: Must provide clear opt-out mechanism (can be via banner "Reject All" button)
  • No discrimination: Cannot discriminate against users who exercise their rights
  • Data deletion: Users can request deletion of their personal data

CCPA vs GDPR

Key differences:

  • Opt-in vs Opt-out: GDPR requires opt-in consent; CCPA requires opt-out for data sales
  • Scope: GDPR applies to EU residents; CCPA applies to California residents
  • Definition of personal data: CCPA has a broader definition including device IDs and IP addresses

How CookieConfig Helps

  • Do Not Sell option: Users can reject analytics/marketing cookies
  • Clear disclosure: Banner explains what data is collected
  • Easy opt-out: One-click rejection of non-essential cookies
  • Consent records: Maintain records of user preferences
  • Data deletion: Users can delete their account and all associated data

Who Must Comply?

Your business must comply with CCPA if it:

  • Does business in California
  • Collects personal information from California residents
  • AND meets one of these thresholds:
    • Annual gross revenues exceed $25 million
    • Buys, sells, or shares personal information of 100,000+ California residents/households
    • Derives 50%+ of annual revenue from selling personal information

Important Note

Cookie consent banners alone do not guarantee CCPA compliance. You must also update your privacy policy, implement data deletion procedures, and provide other required disclosures. Consult with legal counsel for complete compliance.

Implementation Checklist

  1. Install CookieConfig on your website
  2. Update privacy policy with CCPA-required disclosures
  3. Ensure banner includes CCPA "Do Not Sell" opt-out language (automatically included for California visitors)
  4. Implement data subject request procedures
  5. Train staff on CCPA requirements

Penalties

CCPA violations can result in civil penalties of up to $2,500 per violation or $7,500 per intentional violation. California residents can also sue for data breaches.

Related Regulations

  • GDPR - European Union privacy law
  • CPRA - California Privacy Rights Act (CCPA expansion, effective 2023)