The California Consumer Privacy Act (CCPA) is a data privacy law that went into effect on January 1, 2020. It applies to for-profit companies that do business in California and meet certain criteria, such as having annual gross revenues of over $25 million, or buying, selling, or sharing the personal information of at least 50,000 consumers, households, or devices.
The CCPA gives California consumers the right to request that a business disclose what personal information it has collected about them, and to request that the business delete their personal information. Consumers also have the right to opt out of the sale of their personal information, and to not be discriminated against for exercising their privacy rights.
The CCPA requires businesses to provide a clear and conspicuous link on their homepage titled "Do Not Sell My Personal Information," which allows consumers to opt out of the sale of their personal information. Businesses must also disclose what personal information they have collected about consumers, and for what purposes, upon request.
In addition to these rights for consumers, the CCPA also requires businesses to implement reasonable security measures to protect personal information from unauthorized access, disclosure, or misuse. It also prohibits businesses from selling the personal information of minors under the age of 16 without their opt-in consent.
Overall, the CCPA is a significant data privacy law that gives California consumers new rights and protections when it comes to their personal information. It also imposes new obligations on businesses to be transparent about their data collection and use practices, and to implement reasonable security measures to protect personal information.