?? Confused about the CCPA? Here’s what you need to do:
The California Consumer Privacy Act (CCPA) is the new privacy regulation out of California, United States, and it goes into effect on 1st January 2020. All privacy policies generated with iubenda are compliant with the CCPA, as they contain the option to easily apply the legal standards defined by the CCPA to Californian users.
When using this option, the CCPA related text and provisions will then be added to the documents you generate and only apply to users who you are required to offer the rights to. Additionally, when the CCPA option is enabled, the generator indicates which services are considered a sale under the CCPA’s definition.
The CCPA applies to for-profit businesses that target or could potentially have Californian customers, and that meet any one of the following conditions:
More on the CCPA here.
You can find the switch here:
The CCPA text option is disabled by default. This allows you to consider your specific case and choose accordingly.
As mentioned above, once the CCPA standards are enabled in the generator, the solution will also indicate and highlight services that may be considered to be a sale under the CCPA’s definition – as consumers must be able to identify and opt-out of these services.
To enable this option, simply make sure that you’ve enabled CCPA standards using the directions in the section above and the declaration will then be activated by default. In the services panel, whenever you add a service that could be considered a sale, the following checkbox will be made available. If the service has fields that require customization, you will see the checkbox within the usual customization screen (which typically appears after adding that service).
In cases where the service doesn’t require further customization, you’ll need to enter the edit screen in order to access the CCPA ‘sale’ checkbox. To do this (or to modify the CCPA sales checkbox after saving) simply click on the edit icon (pencil-shaped) and uncheck/check the option as need.
As the definition of a sale is a bit complicated under the CCPA, we’ve put defaults in place leaning towards “sale” being activated. However we strongly suggest double-checking against your situation by determining whether a specific activity is to be considered a sale or by consulting with a legal professional.
For an in-depth look at the CCPA definition of a sale, how we apply sale defaults in the generator, and “sale exceptions”, read the guide here.
If your processing activities constitute as sale (as mentioned above) under the CCPA, and this processing potentially includes the personal information of minors, you will need to make some additional disclosures by selecting from the following services within the generator.
Please note that 2) and 3) are not mutually exclusive, they can be used at the same time. Additionally, be sure to review your processes to ensure that you meet CCPA requirements regarding minors.
If you run a business that doesn’t operate exclusively online and has a direct relationship with the user, then you must indicate “two or more designated methods” for submitting CCPA requests. One of these methods must be a toll-free telephone number. You can easily add this information via the “Owner field” within the generator.
The CCPA also requires the following:
In addition to the above information, you can find a summary of the changes introduced to meet CCPA requirements here.