CCPA Cookie Banner Best Practices

The California Consumer Privacy Act (CCPA) is a privacy regulation to protect consumers in the state of California. The CCPA puts rules in place to provide transparency into the collection and processing of the personal data of California consumers. CCPA gives consumers in California the right to know what information is collected on them and how the data is used.  

If the business that collects the personal data of individuals meets one or more of the following conditions, they must adhere to the CCPA: 

• The business earns $25 million or more in revenue annually. 
• Processes data of 50K or more consumers, households, or devices. 
• It derives at least 50 percent of its annual revenue from selling the personal in 

Like many global privacy regulations, there are specific rules for cookie consent and how it must be obtained. Here’s an overview of what your cookie banner should include to take steps to be CCPA compliant. 

A CCPA cookie banner should include the following: 

1. Information about cookie use that includes details about the purpose for the use of cookies on the site and whether the site shares the information with third party companies. 
2. A button to accept or decline cookies. Although the CCPA doesn’t require consumers to opt-in to cookies before the website can drop cookies, it’s considered best practice to still inform the user about the data it collects. The cookie banner can include a link to a cookie settings page where a user can choose to opt-in or out, as well as see exactly what cookies they’re consenting to. 
3. The CCPA requires that businesses include a link or button to an opt-out form on your home page. The button should read “Do Not Sell My Personal Information.” The link needs to route to a “Do Not Sell” page on your website. The Do Not Sell page should include a link to a privacy policy and the option to opt-out of personalized advertisements. This button is not considered a cookie banner, but it can be on or near the cookie banner – see the example below. Read more about how to comply with the CCPA Do Not Sell Rule on our blog, CCPA Do Not Sell Rule: The Complete Guide. 
4. The consumer must have the ability to withdraw consent for the sale of their personal information at any time in an easy-to-find spot on the website.  

Under the CCPA, opt-out consent is admissible, so a preference center can automatically opt the user in, but must also give the user the opportunity to opt-out of cookies. Additionally, the implied consent model is also permitted under the CCPA. Informing the user that the continued use of the site equals consent is acceptable for the CCPA requirement of informing the website user about the use of cookies.  

Similar to creating a GDPR-compliant cookie banner, using CookiePro’s geolocation rules allows you to craft banners that will display differently based on the rules and regulations where the site visitor is located. This can help save time and effort when developing a fully compliant cookie banner. 

Create your CCPA opt-out button and cookie consent banner with CookiePro!