Beginning January 1, certain businesses must become compliant under the California Consumer Protection Act. The businesses that must follow suit meet one of the following criteria:
1) The business has annual gross revenues in excess of $25 million;
2) The business buys, receives, sells or shares the information of 50,000 or more California consumers, households, or devices annually;
3) The business earns more than half its annual revenue from selling consumers’ personal information.
If you meet any of these criteria you must become CCPA compliant by July 1, 2020 at the latest, which is when the state will start enforcing the law. Businesses that are found to be non-compliant, risk fines of $7,500 per intentional violation and $2,500 per unintentional violation, as well as opening themselves up to civil lawsuits.
We’re here to help
If you have questions about CCPA compliance as a blogger or website owner, ask a lawyer.
Does CCPA apply to me and my blog or website?
You might be thinking that you are in the clear if your blog or business does not have revenue over $25 million and you are not a data broker, but it is possible that your business meets the threshold of receiving the personal information of 50,000 California consumers. Personal information is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”, this broad definition includes browser history, purchase history, and IP addresses—all of which are often used in affiliate programs
If you participate in affiliate programs and your website reaches 50K California users per year, then it is likely that the CCPA applies to you. Along the same lines, if your website collects IP addresses (including via third-party analytics tools), which many do, you will likely meet the 50,000 user threshold quickly. If you have doubts about whether or not CCPA applies to you, it can be helpful to talk to a lawyer.
How can I prepare for CCPA compliance?
If you find that the CCPA does apply to your business venture, whether it is a blog or other website, you need to make a game plan on how to tackle compliance. Some of the state’s biggest technology companies are nervous about being compliant, but you can break down CCPA compliance into a few simple steps:
- Map data sources
- Review your privacy policy (if you have one)
- Update your privacy policy to be CCPA-compliant
- Place your opt-out link in a clear and conspicuous location on your website
One method of complying with the CCPA guidelines is to treat all consumers as if they were California residents, to avoid having different policies based on consumers’ geographical location. In an ever-mobile society, your business should be prepared to handle consumers’ data from every state and the most efficient way could be to create a single privacy policy that meets the standards of every state.
Looking into 2020 and beyond, bloggers and other online business owners should expect additional states to enact their own data privacy regulations and they should be ready to amend their online privacy policy agreements to reflect any new guidelines that may arise.
If you have questions about creating or updating your online privacy policy, ask a lawyer.
