What is CCPA?

CCPA was California's landmark privacy law, giving consumers significant control over their personal data. It's been strengthened by CPRA (California Privacy Rights Act) and has inspired similar laws nationwide.

Consumer Rights Under CCPA

Right to Know

• What personal info is collected
• Categories of sources
• Business/commercial purpose
• Categories of third parties shared with

Right to Delete

• Request deletion of personal data
• Some exceptions apply
• Must verify identity

Right to Opt-Out

• Stop sale of personal information
• "Do Not Sell My Personal Information" link required
• No need to explain why

Right to Non-Discrimination

• Can't deny goods/services
• Can't charge different prices
• Can't provide different quality
• (For exercising rights)

Who Must Comply

Businesses that:

• Annual gross revenue > $25 million, OR
• Buy/sell data of 100,000+ consumers, OR
• 50%+ revenue from selling personal info

AND

• Do business in California
• Collect California residents' data

Key Definitions

Personal Information

Broader than you might think:

• Identifiers (name, email, IP address)
• Commercial information
• Internet activity
• Geolocation data
• Employment information
• Inferences drawn about you

Sale

Includes sharing data for "valuable consideration"—not just money.

CCPA vs GDPR

Aspect	CCPA	GDPR
Scope	California residents	EU residents
Consent	Opt-out model	Opt-in required
Private right of action	Data breaches only	Broader
Fines	Up to $7,500/violation	Up to 4% revenue

Exercising Your Rights

1. Find company's privacy page
2. Look for "Do Not Sell" link
3. Submit request (may need to verify identity)
4. Company has 45 days to respond
5. Can appeal denials