What is CCPA?
The California Consumer Privacy Act (CCPA) was passed in June 2018 and will go into effect January 1, 2020. The CCPA is designed to regulate the ‘sale’ of personal information of California residents by a business. Specifically, the law gives California residents the right to:
- Prohibit the sale of their personal information
- Request access to or deletion of their personal information
- Private right of action against a business for a security breach
In sum, CCPA is designed to provide more privacy protections to California residents.
To better understand the privacy protections that CCPA provides, it is helpful to know how a few key terms have been defined within the law.
Please note that the definitions below are provided to aid your understanding, but should not be taken as legal advice. Please consult your legal team to determine how CCPA applies to your business.
Sale: A “sale” includes the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means for monetary or other valuable consideration.
Personal Information: CCPA defines this as any information that may be used to directly or indirectly identify an individual. This includes: real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, SSN, driver’s license number, passport number, and also pseudonymous identifies like cookie IDs, IP addresses and mobile ad IDs.
Business: A company is considered a business subject to the CCPA if the company makes at least $25 million per year; or buys, sells, or shares more than 50,000 personal information records; or derives at least half of its annual revenue from selling consumers’ personal information.
What new rights do consumers have under CCPA?
CCPA details specific requests that consumers may make of businesses that “sell” their personal information.
- Do Not Sell. Businesses must include a “Do Not Sell My Data” link on their homepage to allow consumers to opt out of the ‘sale’ of their personal information.
- Right to Delete. Consumers can request that their personal information be deleted by the business and the service providers with which the business shares that personal information.
- Right to Access and Portability. Consumers can request the right to know what personal information a business has collected about them, and can request a copy of that personal information.
Quantcast has played an active role in industry working groups to develop common standards and frameworks to assist with compliance, and has also provided feedback directly to the California Attorney General’s office. We believe the regulation does a good job of explaining the different roles that companies may play under the CCPA. This includes the important part that publishers, advertisers and advertising technology companies play in consumers’ online experience.
Quantcast also supports a common compliance framework. We are part of the working group which built the IAB Transparency and Consent Framework to guide compliance in Europe. Taking our deep experience and learnings from that, we’ve also been active and enthusiastic participants in the working groups to build a compliance framework for CCPA that the IAB released for public comment on October 22, 2019. You can read more about that framework here.
Quantcast is a firm believer in the importance of consumer privacy and understands what it means to build a tool for website owners to support compliance in alignment with a common industry framework. In 2018, in response to data protection laws and regulations in Europe, we launched Quantcast Choice – a consent management solution. Since launch we’ve become the #1 adopted CMP across Europe and the US, passing 22B+ consent signals from over 32k+ unique domains.
Read more on Privacy
The latest and greatest on global privacy laws and industry coverage. Learn more