šŗšø US-California
Informations
Extracts :
Extract :
Only California residents have rights under the CCPA. A California resident is a natural person (as opposed to a corporation or other business entity) who resides in California, even if the person is temporarily outside of the state.
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"The CCPA and CPRA are similar to the GDPR in that they apply to entities with a presence within the respective territories. The GDPR, however, applies to natural persons regardless of their nationality, whereas the CCPA and CPRA are more limited in scope, applying solely to California residents and entities doing business in the state of California."
2022
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
The CCPA (CPRA) says the same thing, but less explicitly. It defines a "business" as a legal entity that, along with other characteristics, "does business in the State of California." The Act doesn't refer only to businesses are established in California, or whose headquarters or in California - it applies to anyone who does business in California.
2023
Reference :
How the CCPA (CPRA) is Similar to the GDPR
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"The CCPA and CPRA are limited solely to California residents and entities doing business in the state of California,
while activities that occur wholly outside of California
fall outside of the purview of the CCPA and CPRA."
2022
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
The CCPA applies to for-profit businesses that do business in California and meet any of the following:
Have a gross annual revenue of over $25 million;
Buy, sell, or share the personal information of 100,000 or more California residents, households, or devices; or
Derive 50% or more of their annual revenue from selling California residentsā personal information.
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
Data Controller/Business
The GDPR is aimed in part at "data controllers." A data controller "alone, or jointly with others, determines the purposes and means of the processing of personal data."
The CCPA (CPRA) is aimed squarely at "businesses." "Business" in the CCPA (CPRA) means a very specific type of business, with very specific characteristics. Some of these characteristics have to do with total annual revenue and/or core activities.
Importantly, one of these characteristics is - you guessed it - that it "alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information."
The significance here is that both laws are trying to regulate the activities of the sorts of companies that decide how and why people's personal information should be processed. This element of control is what unites the definitions.
Data Processor/Service Provider
Where the GDPR says "data processor," the CCPA (CPRA) refers to a "service provider."
A "data processor" in the GDPR is a person or organization that "processes information on behalf of the [data] controller."
A "service provider" in the CCPA (CPRA) is a "legal entity that [...] that processes information on behalf of a business [...]"
The two terms refer to companies that are carrying out the same sorts of tasks.
2023
Reference :
How the CCPA (CPRA) is Similar to the GDPR
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"There is an exception in the CaCPA for conduct that takes place wholly outside of California but it is very narrow. Controllers that do not ādo business in Californiaā are outside of the scope of the CaCPA, even if they monitor the behavior of residents, so long as such monitoring cannot be considered ādoing business in California.ā"
2018
Reference :
The California Consumer Privacy Act 2018 (CCPA) v. GDPR: The matchup
Information on territorial scope of CCPA
Link to reference Extracts :
Extract :
"Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumerās health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a businessās use and disclosure of their sensitive personal information."
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumerās health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a businessās use and disclosure of their sensitive personal information."
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumerās health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a businessās use and disclosure of their sensitive personal information."
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumerās health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a businessās use and disclosure of their sensitive personal information."
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"POPIA will apply not only to responsible parties domiciled in South Africa but also to responsible parties outside of South Africa that use means to process in South Africa (unless such means are only used to forward the information through South Africa)."
2023
Reference :
South Africa Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
California Consumer Privacy Act (CCPA) ā Full Text
Official website
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
California Consumer Privacy Act (CCPA) ā Full Text
Official website
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
California Consumer Privacy Act (CCPA) ā Full Text
Official website
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
California Consumer Privacy Act (CCPA) ā Full Text
Official website
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
California Consumer Privacy Act (CCPA) ā Full Text
Official website
Link to reference Extracts :
Extract :
"However, a business that has received direction from a consumer not to sell or share their personal information or, in the case of a minor consumer's personal information has not received consent to sell or share the minor consumer's personal information, will be prohibited from selling or sharing the consumer's personal information after its receipt of the consumer's direction, unless the consumer subsequently provides consent for the sale or sharing of their personal information (Ā§1798.120(d) of the CCPA as amended).
In relation to sensitive personal information, where a business receives a request from a consumer not to use or disclose their sensitive personal information, except where exceptions apply, is prohibited from using or disclosing the consumer's sensitive personal information for any other purpose after receipt of the request. The business can only use or disclose the consumer's sensitive personal information if they subsequently provide consent for the use or disclosure of their sensitive personal information for additional purposes (Ā§1798.121(b) of the CCPA as amended).
The revised CCPA Regulations provide more specific principles for designing and implementing requirements associated with obtaining consumer consent. These principles include (Ā§7004(a) of the revised CCPA Regulations):
the method is easy to understand;
consumers having symmetry in choice;
avoid language or interactive elements that are confusing;
avoid choice architecture that impairs or interferes with the consumer's ability to make a choice; and
Must be easy to execute.
The revised CCPA Regulations further highlight that a method that does not comply with the above will be considered a dark pattern, and any agreement obtained through the use of dark patterns will not constitute valid consent (Ā§7004(b) of the revised CCPA Regulations)."
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"to the extent technically feasible, export to the individual or directly to another entity the covered data of the individual that is processed by the covered entity, including inferences linked or reasonably linkable to the individual but not including other derived data, without licensing restrictions that limit such transfers inā(A) a human-readable format that a reasonable individual can understand and download from the internet; and (B) a portable, structured, interoperable, and machine-readable format"
2022
Reference :
HR 8152
ADPPA - USA Federal law on data protection
Link to reference Extracts :
Extract :
Extracts :
Extract :
"The CCPA does not provide for a maximum penalty amount that can result for the imposition of several penalties for each violation. Depending on the violation, the penalty
that can be issued may be up to $2,500 for each violation; $7,500 for each intentional violation, or violations involving the personal information of consumers whom the business, service provider, contractor, or other person has actual knowledge is under 16 years of age."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
There is no information on criminal penalties in CCPA/CPRA.
Extracts :
Extract :
"The CCPA and CPRA provide individuals with a cause of action to seek damages for violations of the law with regard to security measures violations and data breaches."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The GDPR allows Member States to provide for the possibility for data subjects to give a mandate for representation to a not-for-profit body, association, or organisation that has as its statutory objective the protection of data subject rights. The CCPA/CPRA do not contain a similar provision."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"Individuals are provided with a cause of action to seek damages for privacy violations under both the GDPR, and the CCPA with its amendments by the CPRA. In addition, both laws allow for class or collective actions to be brought against organisations violating the laws."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"As detailed above, the CCPA and CPRA provide consumers with a cause of action, where they can institute a civil action where their nonencrypted and nonredacted personal information is subject to an unauthorised
access and exfiltration, theft, or disclosure as a result
of the business's violation of the duty to implement and maintain reasonable security procedures and practices."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
There is no information on criminal penalties in CCPA/CPRA.
Extracts :
Extract :
Extracts :
Extract :
"The CCPA and CPRA do not explicitly refer to 'DPIAs'. However, it is contemplated that there are annual audits in cases
where businesses whose processing of personal information presents risks to consumers, in addition to risk assessments. However, certain concepts, like proportionality and necessity, remain as concepts as it pertains to collection at the outset.
This will change under the CPRA, which requires the AG to solicit broad public participation and adopt regulations on, among other things, requiring businesses whose processing of consumers' personal information presents significant risk to consumers' privacy or security, to: (a) perform a cybersecurity audit on an annual basis; and (b) submit to the CPPA on a regular basis a risk assessment with respect to their processing of personal information."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"Specific obligations regarding security have not been implemented. Ultimately, as 'reasonable security' can vary based on what information is collected, and what information needs to be disclosed, the measure of the security will vary and so, solid guidelines or methods to determine what is 'reasonable' is unavailable."
2022
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"You must report a data security breach to those whose information was compromised because of that breach. Additionally, businesses must notify the California's Attorney General's office if the data breach impacts more than 500 California residents."
2023
Reference :
California Data Security Breach Reporting Requirements
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"You must report a data security breach to those whose information was compromised because of that breach. Additionally, businesses must notify the California's Attorney General's office if the data breach impacts more than 500 California residents."
2023
Reference :
California Data Security Breach Reporting Requirements
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"The CCPA/CPRA do not contain a similar requirement, and notices are covered under a separate provision under California law, specifically under Section 1798.82 of Title 1.81. of Part 4 of Division 3 of the Cal. Civ. Code."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The term 'businesses' under the CCPA/CPRA bears similarity with the GDPR's 'data controllers', where both are responsible for
complying with specific obligations with respect to their processing of data. However, one difference is that the GDPR places more
responsibility and detailed obligations on 'data processors' which process personal data on behalf of data controllers, compared to
the comparable 'service providers' under the CCPA/CPRA"
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The term 'businesses' under the CCPA/CPRA bears similarity with the GDPR's 'data controllers', where both are responsible for
complying with specific obligations with respect to their processing of data. However, one difference is that the GDPR places more
responsibility and detailed obligations on 'data processors' which process personal data on behalf of data controllers, compared to
the comparable 'service providers' under the CCPA/CPRA"
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA require that reasonable security
measures are enacted to ensure that information is adequately
protected, including verification of consumer requests."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"Whilst, again, it is somewhat narrower in scope, the CCPA (CPRA) also provides Californians with this right as part of the "right of access" (above). When a consumer requests a copy of their information: "the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit this information to another entity without hindrance."
2023
Reference :
How the CCPA (CPRA) is Similar to the GDPR
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"The CCPA as amended does not explicitly refer to a right not to be subject to automated decision-making.
However, the CCPA as amended stipulates that the AG may adopt regulations in areas that include the governing of access and opt-out rights with respect to business' use of automated decision-making technology, including profiling and requiring businesses' response to access requests to include meaningful information about the logic involved in such decision-making processes, as well as a description of the likely outcome of the process with respect to the consume (Ā§1798.185(a)(16) of the CCPA as amended).
"
2023
Reference :
California Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA both provide consumers with a right
to know what personal information is being collected about
them, as well as a right to access their personal information."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"Businesses must have opt-in consent to sell or share the personal information of consumers under the age of 16 if they have actual knowledge that a consumer is under the age of
16. For consumers at least 13 years of age and less than 16 years of age, the child's parent or guardian must affirmatively authorise the sale or sharing of the child's personal information. A business that willfully disregards the consumer's age shall be deemed to have had actual knowledge of the consumer's age."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA both provide consumers with a right
to know what personal information is being collected about
them, as well as a right to access their personal information."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CPRA will amend the CCPA to require businesses
to comply with consumers' requests to rectify their personal information, and are required to rectify
any inaccurate or incomplete information."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"Both the CCPA and the GDPR provide individuals with a right to request access to their personal information and a right to request the deletion of their personal information."
2020
Reference :
Are the verification requirements for access and deletion requests the same under the CCPA as they are under the GDPR?
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"As noted above, a consumer has the right to withdraw their consent from your data processing activities at any moment. Additionally, it's your responsibility to make that removal of permission easy. A rule of thumb is that the ability to withdraw consent must be as simple as giving consent."
2023
Reference :
How the CCPA (CPRA) is Similar to the GDPR
Information on California's data protection regulation
Link to reference Extracts :
Extract :
"You can direct businesses to only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested. The California Privacy Protection Agency is currently engaged in a formal rulemaking process and has proposed CCPA regulations pertaining to the right to limit, but these are not currently final or effective."
2023
Reference :
California Consumer Privacy Act (CCPA)
Official website| Information on California's data protection regulations
Link to reference Extracts :
Extract :
"The CCPA/CPRA permits the transfer of information in the
event that the recipient entity is obligated to provide the same
level of privacy protection required under the Statute."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA/CPRA do not explicitly address transfer
mechanisms. Instead, transfers of personal data to third
parties are conditioned on the third party providing the
same level of protection of the consumer's rights."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The following legal grounds, among others,
are applicable to the transfer of personal data,
though vary depending on the situation:
ā¢ consent;
ā¢ compliance with legal obligations that
the business is subject to;
ā¢ engaging in public or peer reviewed scientific,
historical, or statistical interest; and
ā¢ exercise or defence of legal claims."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA/CPRA do not explicitly address transfer
mechanisms. Instead, transfers of personal data to third
parties are conditioned on the third party providing the
same level of protection of the consumer's rights."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The EU Adequacy Decision allows the DPF to go into effect immediately, allowing organizations in the EEA to transfer personal data to U.S. companies that self-certify to the DPF. The DPF is based on a system of self-certification where U.S. organizations commit to a set of privacy principles identified by the Department of Commerce ("DoC") . These Principles address certain fundamental data privacy principles such as notice, choice (ability to opt out), accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse.
The new safeguards and redress measures controlling personal data collected by U.S. intelligence agencies also have become effective. The safeguards provide detailed guidelines and procedures governing access to personal data, including subpoena and warrant requirements. In addition, the redress measures available to individuals includes investigation of complaints by U.S. Civil Liberties Protection Officers, with appeals going to a newly created Data Protection Review Court. "
2023
Reference :
US and EU Approve Framework for Personal Data Transfers
Information on EU-US data transfer | White & Case
Link to reference Extracts :
Extract :
"colloquially referred to as Convention 108+, was signed by Austria, Belgium, Bulgaria, Czech Republic, Estonia, Finland, France, Germany, Ireland, Latvia, Lithuania, Luxembourg, Monaco, Netherlands, Norway, Portugal, Spain, Sweden, the U.K., and by Uruguay, one of the six non-European states that have so far joined Convention 108. The other five non-European states are Cape Verde, Mauritius, Mexico, Senegal and Tunisia. Another three countries ā Argentina, Burkina Faso and Morocco ā have also been invited to accede to the treaty."
2018
Reference :
What does the newly signed 'Convention 108+' mean for UK adequacy?
List of countries in the Convention 108
Link to reference Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
Since the APEC applies to the USA Federal, it is assumed that it applied to all states as well.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA as amended does not contain provisions explicitly relating to cross-border data transfers and/or data localisation. "
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
There is no information on this in the legal text.
Extracts :
Extract :
"The CCPA and CPRA do not include a requirement
for businesses to appoint a DPO."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA do not include a requirement
for businesses to appoint a DPO."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA do not include a requirement
for businesses to appoint a DPO."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA do not include a requirement
for businesses to appoint a DPO."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extracts :
Extract :
There is no information on this.
2022
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
"In general, CCPA privacy policies are required to include a description of consumer rights, methods for exercising those rights, contact information, and the date the policy was last updated. Also be sure to specify that the privacy policy is limited in scope and applies only to California residents.
CCPA privacy policies should include:
A description of California consumer privacy rights, including:
The right to know (request disclosure of) personal information collected or sold.
The right to deletion of personal information collected from the consumer.
The right to nondiscriminatory treatment for exercising any rights.
The right to opt out of the sale of personal information (if applicable).
The right to opt in to the sale of personal information of minors (if applicable).
An explanation of designated methods for exercising consumer rights.
Instructions for submitting a verifiable consumer request.
A description of the process used to verify consumer requests.
Instructions on how an authorized agent can make a request on a consumerās behalf.
A statement of whether the business sells personal information and, if it does, notice of the right to opt out or a āDo Not Sell My Personal Informationā link.
Categories of personal information collected about consumers in the past 12 months.
Categories of personal information disclosed for a business purpose or sold to third parties in the preceding 12 months.
Categories of sources from which personal information is collected.
Categories of third parties to whom personal information was disclosed or sold.
The business purpose or commercial purpose for collecting or selling personal information.
A statement of whether the business has actual knowledge that it sells the personal information of minors.
Contact information for questions or concerns about the businessā privacy policy or practices.
The date the CCPA privacy policy was last updated."
2023
Reference :
What Is a CCPA Privacy Policy? Do You Need One?
Information on California's privacy notice | Bloomberg
Link to reference Extract :
Extracts :
Extract :
Extracts :
Extract :
"Entities subject to the CCPA are required to maintain
records of verifications of requests and to provide a
general guideline of what information is collected."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA and CPRA do not set a minimum employee number
in order for businesses to be subjected to their provisions."
2023
Reference :
California Data protection overview | DataGuidance
(Data Protection Overview 2023)/ DataGuidance reports
Extracts :
Extract :
"The CCPA (CPRA) is not as strict as the GDPR when it comes to cookie compliance for businesses. This is mainly because the CCPA (CPRA) uses an opt-out consent model. In other words, you can store cookies on a consumer's device without their consent once they visit your website. However, you must provide a way for consumers to opt out of the sale of personal information collected through cookies."
2023
Reference :
CCPA (CPRA) Requirements for Businesses That Use Cookies
Information on California's data protection regulation
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| California Privacy Protection Agency | CPPA | Regulator | Govt authority/ministry | 2020 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|---|---|---|---|---|---|---|---|
| CPRA | California Consumer Privacy Act | General privacy/data protection law | 2018 | Active | 2022 | New rights, enforcement, etc | 2023 |