CCPA and Cookies
Last Updated: January 13, 2021
Cookies and similar tracking technologies are important for CCPA Compliance. The CCPA gives businesses more scope to use a less restrictive form of cookie consent, compared to the GDPR. Although there are areas where compliance can become complicated.
What Are Cookies?
Cookies are pieces of data, normally stored in text files, that websites place on a visitor’s computer or mobile device to store specific information about the visitor. Cookies were designed to be a reliable mechanism for websites to remember stateful information or to record the user’s browsing activity.
Some cookies are necessary for the operation of the site. While others may be used for analytical, tracking, and marketing purposes.
What is the CCPA?
The California Consumer Privacy Act (CCPA) is a privacy regulation that went into effect on January 1, 2020. The regulation empowers residents of California with enforceable rights over their personal information. The rules give California consumers the right to know what information is collected on them and how the data is used.
Additionally, the CCPA requires websites to inform users about which organizations they share their personal data with.
CCPA Cookie Consent Requirements
CCPA compliant cookie consent will include:
- Accept or Decline Cookies Button. While the CCPA doesn’t require opt-in consent, businesses should still choose to include a link that allows the user to accept cookies. Additionally, it’s considered best practice to inform the user about the data it collects. The cookie banner could include a link to the cookie settings or preference center where the users can choose to opt-in or out.
- Withdraw Consent. The consumer must have the ability to withdraw consent from the sale of their personal information at any time. It’s important that this option is easily accessible on the website.
CCPA Cookie Example
Opt-out Consent Example
Under the CCPA, opt-out consent is admissible. This means the preference center can automatically opt the user in, but still allows the user the opportunity to opt-out of cookies. Additionally, the implied consent model is permitted under the CCPA. It’s also acceptable for a website to say that the continued use of the site equals consent.
Do Not Sell Example
Does CCPA Require Cookie Consent?
The CCPA doesn’t require businesses to gain opt-in consent from users. However, it does require businesses to disclose what data is being collected by cookies and how it is being used.
But there are still exceptions. The CCPA does require opt-in consent to the sale of personal data for visitors 13 to 16 years of age. A website may be better off using an opt-in consent model unless they can be sure no one under the age of 16 visits their website.
Who Has to Apply to the CCPA?
The CCPA applies to businesses that collect data about Californians that meet one of the following three conditions:
- The business earns +$25 million in revenue
- It processes data of 50K consumers, households, or devices
- It derives at least 50% of its annual revenue from selling the personal information about California residents
Free CCPA Opt-Out Builder
Create a Do Not Sell notice to comply with CCPA Opt-Out requirements. CookiePro enables you to create and customize a sleek and actionable “Do Not Sell My Personal Information” link or button for your website. Also, it integrates with Google Ads Manager and the IAB CCPA Framework.