California Privacy Law

CCPA Compliance Made Simple — 100% Automatic

✓ Avoid $7.5K+ CCPA Fines Automatically
✓ "Do Not Sell" Button Built-In
✓ California Visitor Auto-Detection

See CCPA Compliance In Action

Watch how our solution automatically handles California privacy law compliance

Automatic Compliance Verification

Compliance Checklist — Live Verification

Watch as we verify each compliance requirement in real-time

Express Consent

Users must actively opt-in to cookies

Granular Controls

Users can choose specific cookie categories

Easy Withdrawal

Users can change preferences anytime

Consent Logging

All consent decisions are recorded

Bilingual Support

Available in English and French

Regional Rules

Different rules for different provinces

Compliance Progress0%

Consent Flow Comparison

Consent Flow Comparison

See the difference between compliant and non-compliant approaches

Pre-checked Boxes

All cookies are already enabled by default

Forced Acceptance

Users must accept all cookies to use the site

No Granular Control

Users cannot choose specific cookie types

€20M+ Fine Risk

Violates GDPR Article 7 - Invalid consent

Non-Compliant Approach

This approach violates GDPR Article 7 and can result in fines up to €20 million or 4% of annual revenue.

❌ Common Mistakes
  • • Pre-checked consent boxes
  • • "Accept or leave" approach
  • • No granular controls
  • • Hard to find withdrawal option
✅ Best Practices
  • • Clear opt-in required
  • • Granular cookie controls
  • • Easy preference changes
  • • Plain language explanations

Banner Text Examples

Banner Text Comparison

See how different wording affects user trust and compliance

Legal Jargon

This website utilizes cookies and similar tracking technologies in accordance with applicable data protection legislation to enhance user experience and provide personalized content delivery mechanisms.
Why this fails: Too complex and legalistic. Users won't understand what they're agreeing to.

Vague Language

We use cookies to improve your experience. By continuing to use this site, you agree to our use of cookies.
Why this fails: Doesn't explain what cookies are used for or give users control.

Forced Acceptance

This site uses cookies. You must accept cookies to continue using this website.
Why this fails: Forces acceptance without giving users a real choice.

What Makes Text Bad

• Legal jargon
• Vague purposes
• No user control
❌ Avoid These
  • • "In accordance with applicable legislation"
  • • "By continuing to use this site..."
  • • "We reserve the right to..."
  • • Technical jargon users don't understand
✅ Use These Instead
  • • "We use cookies to..."
  • • "You can choose which cookies..."
  • • "This helps us..."
  • • Simple, friendly language

"Do Not Sell" Button

California Privacy Rights

You have the right to opt-out of the sale of your personal information.

What is CCPA/CPRA?

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) - California's comprehensive privacy laws

CCPA (California Consumer Privacy Act)

Effective January 1, 2020
  • • Applies to businesses that collect California residents' personal information
  • • Requires disclosure of data collection and use practices
  • • Grants consumers right to know, delete, and opt-out of sale
  • • Requires "Do Not Sell My Personal Information" link

CPRA (California Privacy Rights Act)

Effective January 1, 2023
  • • Expands CCPA with additional consumer rights
  • • Adds right to correct inaccurate personal information
  • • Introduces right to limit use of sensitive personal information
  • • Creates California Privacy Protection Agency (CPPA)

Who Must Comply?

Business Requirements (Any of the following)

  • • Annual gross revenues > $25 million
  • • Buys/sells/shares personal information of 100,000+ consumers
  • • Derives 50%+ of annual revenue from selling personal information

Cookie-Specific Requirements

  • • Collects personal information through cookies
  • • Uses cookies for advertising/targeting
  • • Shares cookie data with third parties
  • • Sells personal information obtained through cookies

Consumer Rights Under CCPA/CPRA

Understanding the rights California consumers have regarding their personal information

Right to Know

Consumers have the right to know what personal information is collected, used, shared, or sold.

Right to Delete

Consumers can request deletion of their personal information, subject to certain exceptions.

Right to Opt-Out

Consumers can opt-out of the sale or sharing of their personal information.

Right to Correct

Consumers can request correction of inaccurate personal information (CPRA addition).

Right to Limit Sensitive Information

Consumers can limit the use of sensitive personal information (CPRA addition).

Right to Non-Discrimination

Businesses cannot discriminate against consumers who exercise their privacy rights.

"Do Not Sell My Personal Information" Requirements

Critical compliance requirements for businesses that sell or share personal information

What Constitutes "Sale" Under CCPA?

Sale Includes

  • Exchanging personal information for monetary consideration
  • Sharing data with third parties for advertising
  • Allowing third parties to collect data on your site
  • Data sharing for cross-context behavioral advertising

Not Considered Sale

  • Sharing with service providers under contract
  • Sharing with affiliates under common control
  • Disclosure required by law
  • Business transfers (mergers, acquisitions)

1"Do Not Sell" Link Requirements

  • Must be prominently displayed on your website homepage
  • Link text must include "Do Not Sell My Personal Information" or "Do Not Sell or Share My Personal Information"
  • Must be accessible from all pages where personal information is collected
  • Cannot be hidden in privacy policy or footer
  • Must be easily accessible on mobile devices

2Opt-Out Mechanism Requirements

  • Must provide at least two methods for consumers to opt-out
  • One method must be a toll-free phone number
  • Alternative methods include webform, email, or postal mail
  • Must honor opt-out requests within 15 business days
  • Cannot require consumers to create an account to opt-out

3Cookie-Specific Considerations

  • Third-party cookies used for advertising likely constitute "sale"
  • Analytics cookies shared with third parties may be "sale"
  • Social media widgets that track users may be "sale"
  • Consider implementing Global Privacy Control (GPC) signals
  • Cookie banners should include opt-out options

CCPA/CPRA Cookie Implementation Guide

Step-by-step guide to implementing CCPA/CPRA-compliant cookie consent

1Assess Your Data Practices

Determine if CCPA/CPRA applies to your business:

  • Calculate annual revenue and data collection thresholds
  • Identify all personal information collected through cookies
  • Determine if you "sell" or "share" personal information
  • Map data flows to third parties

2Update Privacy Policy

Enhance your privacy policy with CCPA/CPRA required disclosures:

  • Categories of personal information collected
  • Sources of personal information
  • Business or commercial purposes for collection
  • Categories of third parties with whom information is shared
  • Consumer rights and how to exercise them

3Implement Opt-Out Mechanisms

Set up required opt-out mechanisms:

  • Add "Do Not Sell" link to website homepage
  • Implement opt-out webform or other methods
  • Provide toll-free phone number for opt-outs
  • Process opt-out requests within 15 business days
  • Implement Global Privacy Control (GPC) support

4Cookie Consent Management

Implement cookie consent that supports CCPA/CPRA rights:

  • Provide granular opt-out options for cookie categories
  • Honor opt-out requests immediately
  • Block third-party cookies when opt-out is exercised
  • Maintain records of consumer choices
  • Provide easy access to change preferences

CCPA/CPRA Penalties and Enforcement

Understanding the consequences of non-compliance

Penalties

Intentional Violations

Up to $7,500 per violation

For intentional violations of CCPA

Unintentional Violations

Up to $2,500 per violation

For unintentional violations of CCPA

CPRA Violations

Up to $7,500 per violation

For violations involving minors under 16

Enforcement

  • California Attorney General enforcement
  • California Privacy Protection Agency (CPPA) enforcement
  • Private right of action for data breaches
  • 30-day cure period before penalties
  • Regular enforcement actions and settlements

Ready to Get CCPA/CPRA Compliant?

Our cookie consent solution makes California privacy law compliance simple and automatic. Get started in minutes.