Understanding the CCPA for eCommerce: A Quick Overview for 2020
Understanding the CCPA: A Quick Overview
The latest legislation shaking up the eCommerce world is the CCPA (California Consumer Privacy Act). If you’re in eCommerce, you’ve probably heard of it. However, many are still playing catch-up, so we’re providing a straightforward overview to help you navigate it.
This guide will give you enough knowledge to hold your own in a CCPA-related conversation and, more importantly, determine if this law impacts your business and if there’s action required on your part.
This isn’t a deep dive. For those, both Magento and BigCommerce have solid guides you can check out.
If legal jargon is more your style, you can go straight to the source here.
What is CCPA?
The CCPA is a privacy law that grants California consumers the right to know and control how businesses use their personal data.
Magento summarized the consumer rights under CCPA as follows:
- Right to know the categories of personal information collected, used, shared, or sold over the past 12 months.
- Right to delete certain personal information held by a business and/or their service provider(s).
- Right to opt-out of the sale of their personal information.
- Right to non-discrimination in terms of price or service for exercising a privacy right under the CCPA.
Who does the CCPA apply to?
As of this writing, the CCPA applies to businesses that meet any of the following criteria:
- Have annual gross revenue over $25 million.
- Buy, sell, or receive the personal information of 50,000+ consumers, households, or devices.
- Derive 50% or more of their annual revenue from selling consumer personal data.
While most online businesses will probably qualify under the law’s top-level criteria because they are for-profit, do business with California, and collect personal information (in the form of shopper and order data), some smaller businesses may not qualify because:
- their annual revenue is too low (less than $25 million / year),
- they're collecting information on fewer than 50,000 California consumers annually, and
- they derive less than 50% of their annual revenue from the sale of consumers’ personal information.
No matter where a business is located, it must comply with these requirements if it handles the personal information of California consumers.
For a more visual guide, BigCommerce has a helpful breakdown:
(Source: BigCommerce – Intro to CCPA)
Am I safe if I’m GDPR-compliant?
If your business is already compliant with GDPR, you might wonder how CCPA differs. While both are consumer privacy laws, there are enough differences in their definitions and requirements to warrant separate compliance efforts. Being GDPR-compliant doesn’t necessarily mean you're clear for CCPA.
For more details, BigCommerce explains the differences here.
My business needs to comply with CCPA. What now?
The CCPA went into effect on January 1, 2020. If California suspects your business is violating the CCPA, you could receive a notice of noncompliance. You’ll have 30 days to address the issue, but failure to comply could lead to fines of up to $7,500 per record. Those fines can accumulate quickly.
Fortunately, leading eCommerce platforms have published CCPA compliance guides for merchants. You’ll also want to coordinate with any third-party service providers that handle your customer data to ensure they are equipped for CCPA compliance.
What does CCPA mean for the future of eCommerce?
The CCPA, like GDPR, signals a growing emphasis on consumer data rights. This is not just limited to Europe and California; we can expect similar regulations to spread across other regions.
Merchants, platforms, and technology providers will need to prioritize compliance with evolving consumer protection laws. As these regulations grow, they will likely impact even smaller businesses.
Looking for help securing your eCommerce Website?
If you're unsure where to start with CCPA compliance for your eCommerce website, efelle creative is here to help. Our experienced team can guide you through the process and ensure your site meets the latest privacy standards. Reach out to us today by filling out our contact form or give us a call at 206.384.4909 to get personalized support for your CCPA journey. Let us help you protect your customers' data and keep your business compliant!