The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives California residents rights over their personal information. Unlike GDPR, CCPA uses an opt-out model for most data processing.
Does CCPA Apply to You?
CCPA applies if you do business in California AND meet one of these criteria: Annual gross revenue over $25 million, buy/sell data of 100,000+ consumers, or derive 50%+ revenue from selling personal information.
GDPR vs CCPA
| Aspect | GDPR | CCPA/CPRA |
|---|---|---|
| Consent Model | Opt-in required | Opt-out (mostly) |
| Default State | Cookies blocked | Cookies allowed |
| Key Right | Right to consent | Right to opt-out of sale |
| Scope | EU residents | California residents |
CCPA Compliance Checklist
"Do Not Sell or Share" link
Must be prominently displayed on your website
Privacy policy disclosures
Detail categories of personal information collected and purposes
Opt-out mechanism
Easy way for users to opt out of sale/sharing of data
Consumer request handling
Process for handling access, deletion, and correction requests
Penalties
CCPA violations can result in fines of $2,500 per unintentional violation and $7,500 per intentional violation. Consumers can also sue for data breaches ($100-$750 per incident).