Does CCPA apply to me and my blog or website?
You might be thinking that you are in the clear if your blog or business does not have revenue over $25 million and you are not a data broker, but it is possible that your business meets the threshold of receiving the personal information of 50,000 California consumers. Personal information is defined as "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household", this broad definition includes browser history, purchase history, and IP addresses—all of which are often used in affiliate programs
If you participate in affiliate programs and your website reaches 50K California users per year, then it is likely that the CCPA applies to you. Along the same lines, if your website collects IP addresses (including via third-party analytics tools), which many do, you will likely meet the 50,000 user threshold quickly. If you have doubts about whether or not CCPA applies to you, it can be helpful to talk to a lawyer.
How can I prepare for CCPA compliance?
If you find that the CCPA does apply to your business venture, whether it is a blog or other website, you need to make a game plan on how to tackle compliance. Some of the state's biggest technology companies are nervous about being compliant, but you can break down CCPA compliance into a few simple steps:
- Map data sources
- Review your privacy policy (if you have one)
- Update your privacy policy to be CCPA-compliant
- Place your opt-out link in a clear and conspicuous location on your website
One method of complying with the CCPA guidelines is to treat all consumers as if they were California residents, to avoid having different policies based on consumers' geographical location. In an ever-mobile society, your business should be prepared to handle consumers' data from every state and the most efficient way could be to create a single privacy policy that meets the standards of every state.
Looking into 2020 and beyond, bloggers and other online business owners should expect additional states to enact their own data privacy regulations and they should be ready to amend their online privacy policy agreements to reflect any new guidelines that may arise.
If you have questions about creating or updating your online privacy policy, ask a lawyer.
This article contains general legal information and does not contain legal advice. Rocket Lawyer is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.
