Protecting You from Breaching CCPA Regulations
Shipbook and CCPA Compliance
The California Consumer Privacy Act (CCPA) is a law that applies to the collection, processing, sale and overall use of any personal or household information of California residents, and it officially went into effect in January 2020. As far as data processing and collection are concerned, the essentials are giving users notice and an option. In other words, companies are required to notify users if and when their personal data is collected, shared, processed or used, and also to give consumers the option to opt out of having their personal data used. The CCPA also gives users the right to require the immediate deletion of any data that was previously processed or collected.
The CCPA applies only to specific companies that process or collect personal data from users. For the CCPA to apply to a company, that entity must have an annual revenue of over 25 million dollars, or process the data of over fifty thousand California residents each year, or make over 50% of its revenue from the sale of personal information.
The main rights of the CCPA are:
- The right to be informed - Inform users of data use
- The right of access - Give users right to access the data being stored
- The right to portability - Allow users to transfer their data: copy, paste, and move across systems.
- The right to deletion - Give users the right to request that data that has been collected be deleted.
- The right to opt-out - The option for users to request their data not be processed, used, or collected.
The subtext of the above is that, under the CCPA, it is not necessary to obtain prior consent before collecting and processing users’ data, as we shall explain in further detail below. Is a company that is GDPR compliant necessarily CCPA compliant as well? The regulations of the CCPA are, as a general rule, more lenient and less far-reaching than the GDPR. Let’s look at the primary differences between these two regulations with regard to data collection.
The GDPR Vs. CCPA
There are three main differences between these two laws. The first main difference is the application of the law. The GDPR applies to any data collector, and does not have revenue requirements as the CCPA does. Another difference is the legality requirement. Under the GDPR, one must have a legal basis for data processing and collection. A legal basis could be anything that would give you the legal right to collect, for example: consent, contractual or legal obligation, vital or legitimate interest, or public task, to name just a few. This requirement does not directly apply under the CCPA. Rather, under the CCPA the emphasis is on users’ opportunity to opt out. The CCPA allows for data collection and processing (regardless of the need for a legal basis), as long as the company in question gives users the option to “opt out” of having their data shared or collected. The GDPR takes this one step further.
Under the GDPR, users must be given the opportunity to give clear and affirmative consent prior to any data collection or processing. This is a much more direct requirement: confirmation must be obtained from consumers, users, and/or any party involved before any of their data is processed or collected. This means that, unlike under the CCPA, under the GDPR everything must be upfront and occur prior to any action being taken. Enabling the option to opt out is just not enough.
Worldwide Application of Privacy Laws
The CCPA applies to all California residents, whereas the GDPR applies all over the EU (to anyone inside the EU at the time of processing). There are also other countries and states with their own privacy laws. States including Maine and Nevada, countries all across Latin America, and even countries such as Mexico have privacy laws; however, none are as extensive and influential as the GDPR regulations.
Therefore, Shipbook’s full compliance with the GDPR means we are necessarily in compliance with all of the above as well.
At Shipbook we take privacy very seriously, and we have made it our priority to completely comply with all GDPR and CCPA regulations, so that no matter where your users are, you can count on us to keep their privacy safe and their data out of harm’s way.
*For more information on the CCPA, see our terms of service.