What is CCPA?
TL;DR
The California Consumer Privacy Act (CCPA) is a state law giving California residents rights over their personal data, including the right to know what data businesses collect, the right to delete their data, and the right to opt out of data sales. CCPA applies to businesses that: have over $25 million in annual revenue, buy/sell data of 100,000+ California consumers, or earn 50%+ of revenue from selling consumer data. Unlike GDPR, CCPA doesn't require consent before collection. Instead, it requires disclosure and opt-out options. Covered businesses must: post a Privacy Policy detailing data practices, provide a "Do Not Sell My Personal Information" link, respond to consumer data requests within 45 days, and not discriminate against consumers who exercise their rights. For marketing, CCPA impacts retargeting (often considered "selling" data), third-party tracking, and data sharing with vendors. The CPRA (California Privacy Rights Act) expanded CCPA in 2023, adding rights around sensitive personal information and creating an enforcement agency. Even businesses outside California should consider compliance if they have California customers.
Frequently Asked Questions About CCPA
Does CCPA apply to my small business?
Only if you meet the thresholds: $25M+ revenue, data from 100K+ California consumers, or 50%+ revenue from selling data. Most small businesses don't qualify. However, privacy-conscious practices protect you as laws expand to other states.
What counts as 'selling' data under CCPA?
Broadly defined, it includes sharing data with third parties for monetary or other valuable consideration. Using Facebook Pixel or Google Ads can count as 'selling' because you share visitor data in exchange for ad targeting capabilities. It's not just literal sales.
Do I need a 'Do Not Sell My Info' link?
Only if CCPA applies to your business (you meet the thresholds) AND you 'sell' data as CCPA defines it. If you use third-party tracking or advertising, you likely need the link. It must be prominent, usually in your footer and privacy policy.
How is CCPA different from GDPR?
GDPR requires consent before collecting data (opt-in). CCPA requires disclosure and allows opt-out after collection. GDPR applies to anyone handling EU data; CCPA only applies to businesses meeting size thresholds with California customers.
What other states have privacy laws like CCPA?
Virginia, Colorado, Connecticut, Utah, and more states are passing similar laws. A patchwork is emerging. Best practice: build privacy-respecting systems now rather than scrambling to comply state-by-state later.
Terms Related to CCPA
Cookie Consent
Permission from website visitors before setting non-essential cookies on their devices, typically obtained through a con...
GDPR
The General Data Protection Regulation, a European Union law governing how businesses collect, store, and use personal d...
Privacy Policy
A legal document explaining what personal data your business collects, how you use it, who you share it with, and what r...
ADA Compliance
Making your website accessible to people with disabilities, as covered by the Americans with Disabilities Act and interp...
CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography And Marketing Act, a US law regulating commercial email since 2...
Terms of Service
A legal agreement between your business and users of your website or service, outlining rules, responsibilities, and lim...