Understanding the California Consumer Privacy Act (CCPA) for E-commerce
2018 was a significant year for data privacy and personal information protection, with the introduction of the EU’s GDPR. It was followed by the CCPA, i.e., the California Consumer Privacy Act, announced in 2018.
The CCPA will come into effect in January 2020. So now is the time to learn everything about the CCPA if your business is even remotely a part of the California economy!
Moreover, if you are an online business, there is no escape from making it CCPA compliant, as California is home to the largest online economy in the world.
Often dubbed California’s GDPR, the California Consumer Privacy Act is defined by CSOOnline as:
“AB 375 allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.”
All businesses with at least $25 million in annual revenue that serve California residents must comply with the CCPA. So even if you are an online business outside of California, you cannot escape if you have customers resident in California!
So how does CCPA affect E-commerce businesses?
Let’s understand in brief.
What rights do California residents enjoy under the CCPA?
- Know which categories of personal information are collected and sold.
- Know from whom that information is collected, shared and sold.
- Request that their personal data not be sold.
- Request to delete their personal data
- Access their personal data.
- Not be discriminated against for exercising their privacy rights.
Do the provisions of CCPA apply to all the E-commerce businesses in California?
The major provisions of the act apply to a business when any of the following conditions is true:
- It has an annual gross revenue of $25 million or more
- It obtains personal data of at least 50,000 California residents, households or devices per year
- It earns at least 50 per cent of annual revenue from selling California residents’ personal data
and apply to all businesses that:
- Conduct business in California, even if it’s only online
- Collect personal data of California residents
What is the definition of personal information as per the California Consumer Privacy Act?
- Internet browsing history
- Demographic information:
- Name
- Phone number
- Mailing address
- Email address
- Social security number
- Account numbers
- Driver’s license
- Passport numbers
- Education and employment histories
- Biometric data
What Companies Must Comply With the CCPA?
Do you think you can avoid compliance with the CCPA because you are an online store somewhere in India or Singapore or anywhere that is not California?
You are wrong!
An E-commerce store does not have to be located in California to be subject to the California Consumer Privacy Act! It is compulsory to follow the CCPA if you are offering products or services online to California residents.
An E-commerce store based in Delhi or Los Angeles is still subject to the CCPA if its shopper is a California resident.
What steps do E-commerce businesses need to take for CCPA Compliance?
It is quite reasonable for an online store to collect the personal information of its users. However, with the debut of the CCPA approaching, you need to update the policies of your E-commerce store. Here are some points that will be helpful:
- Revise the privacy policy as the CCPA requires.
- Audit the data you collect from the customers and how you manage it.
- Place a link on the site with a label “Do Not Sell My Personal Information”
- Disclose the categories of third parties with whom your business shared the personal information.
- Plan a systematic approach to processing customers’ requests for information and deletion requests.
- Notify customers about updates to the privacy policy and their rights.
- Obtain prior permission from minors 13-16 years old before selling their data. For children younger than 13, you must get prior permission from their parents.
What is the penalty for an E-commerce business that violates CCPA?
- A business will be fined $2,500 per unintentional violation if it fails to fix the issue within 30 days.
- Intentional non-compliance will lead to a maximum fine of US $7,500 per violation.
- A consumer has the right to take private action, such as filing a civil suit, against a business that violates the CCPA with their personal data.
- Statutory damages for such civil cases have a minimum of $100 USD and a ceiling of $750 USD per consumer per incident.
- Moreover, any declaratory, injunctive, or other relief the court deems proper.
Embrace CCPA For Competitive Advantage:
As an online business, accept the law positively and leverage it to stay ahead of the competition. Offer the best quality service when it comes to protecting your customers’ personal data and be responsible for it.
Let the customers feel the transparency in business and communicate with them to encourage customer trust and gain their loyalty!
Shivbhadrasinh Gohil
Shivbhadrasinh is the Co-founder & Chief Marketing Officer at Meetanshi. He leads the marketing team and is the person behind the marketing & branding success of the company. Being a seasoned digital marketer, he has been consulting online businesses for growth since 2010 and has helped 100+ clients with digital marketing success.
He loves sharing tips and insights about the latest digital marketing trends aimed at helping online business owners.