How to make your website compliant with CCPA
The California Consumer Privacy Act (CCPA) is a set of rules around consumer data that came into force on January 1, 2020, in California, US. It regulates how businesses, including online companies, handle personal information in that state.
The CCPA applies to your business if it operates in California, US, and at least one of the following is true:
- It makes at least $25 million in annual revenue.
- It collects data on more than 50,000 users annually.
- It makes more than half its money off of selling data of California residents.
If your company falls into this category, you need to provide certain information and mechanisms on your website, and Piwik PRO can help you accomplish that.
Check the number of visitors from California
Before we show you the guidelines, you can check whether your website collects data from more than 50,000 users in California annually.
To find this information in Piwik PRO, follow these steps:
- Go to Menu > Analytics (new).
- Navigate to Reports.
- On the left, click Location.
- Select a date range that will show the last year.
- Click United States to view a nested dimension with data from the state.
- Note the number of visitors from California.
Tip: See how visitors are counted in Piwik PRO.
Apply data privacy settings
According to the CCPA, visitors to your website should be able to see what data you’ve collected about them, have that data deleted, and opt out of having the company sell it to third parties.
So here’s what your website should have:
Note: Make sure that Respect visitor privacy is turned on for each tag connected to third-party tools that profit off of user data, for example, Google Ads, Facebook Ads, data management platforms, and other ad platforms. Also, some free services that you use on your website, like social share buttons, may monetize data from sites where they are embedded.
- Additionally, if your website has minors under the age of 16 among its users, they need to consent to data collection if data are sold or disclosed to third parties. If the minor is under the age of 13, a parent or legal guardian must opt in on their behalf. For that, you can use a modal or bottom consent form in Consent Manager.
Personal information according to CCPA
The CCPA defines personal information as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” (1798.140.o1).
So according to the CCPA, this data is treated as personal information:
- Direct identifiers: real name, alias, postal address, social security numbers.
- Unique identifiers: cookies, IP addresses, and account names.
- Geolocation data: location history.
- Internet activity: browsing history, search history, data on the interaction with a website or app.
- Biometric data: face and voice recordings.
- Sensitive information: health data, personal characteristics, behavior, religious or political convictions, sexual preferences, employment and education data, and financial and medical information.
Data that is anonymous or aggregated is exempt from the CCPA unless it can be re-identified.
When you use Piwik PRO on your website, you need to be aware that you’ll:
- Use first-party cookies to collect data and run scripts on your website. All cookies are described in this article.
- Collect data that are described in this article.
- Share collected data with third-party tools if you use a Google Ads or Facebook Pixel tag, or other advertising tools connected to Piwik PRO.
- Combine collected data with other data and create audiences based on collected data if you use Audience Manager.