đź’ˇ Confused about the CCPA? Here’s what you need to do:
The California Consumer Privacy Act (CCPA) is the new privacy regulation out of California, United States, and it went into effect on 1st January 2020. All privacy policies generated with iubenda are compliant with the CCPA, as they contain the option to easily apply the legal standards defined by the CCPA to Californian users.
When using this option, the CCPA related text and provisions will then be added to the documents you generate and only apply to users who you are required to offer the rights to. Additionally, when the CCPA option is enabled, the generator indicates which services are considered a sale under the CCPA’s definition.
The CCPA applies to for-profit businesses that target or could potentially have Californian customers, and that meet any one of the following conditions:
More on the CCPA here.
If you are a for-profit business that potentially has users based in California, United States, we strongly suggest that you enable the CCPA text in the Privacy policy generator.
You can find the switch here:
The CCPA text option is disabled by default. This allows you to consider your specific case and choose accordingly.
As mentioned above, once the CCPA standards are enabled in the generator, the solution will also indicate and highlight services that may be considered to be a sale under the CCPA’s definition – as consumers must be able to identify and opt-out of these services.
To enable this option, simply make sure that you’ve enabled CCPA standards using the directions in the section above and the declaration will then be activated by default. In the services panel, whenever you add a service that could be considered a sale, the following checkbox will be made available. If the service has fields that require customization, you will see the checkbox within the usual customization screen (which typically appears after adding that service).
In cases where the service doesn’t require further customization, you’ll need to enter the edit screen in order to access the CCPA ‘sale’ checkbox. To do this (or to modify the CCPA sales checkbox after saving) simply click on the edit icon (pencil-shaped) and uncheck/check the option as need.
Once enabled, your policy will display a section that informs readers that a sale is happening, that they have the right to opt-out and will likely also give several options to do so. The current opt-out options given within the privacy policy are opt-out via links or via getting in touch.
If you deselect the pre-checked “consider as sale …” checkboxes or the generator determines that no sale is happening (based on the services you selected when creating your policy), your privacy policy will display a small statement to that effect.
As the definition of a sale is a bit complicated under the CCPA, we’ve put defaults in place leaning towards “sale” being activated. However we strongly suggest double-checking against your situation by determining whether a specific activity is to be considered a sale or by consulting with a legal professional.
For an in-depth look at the CCPA definition of a sale, how we apply sale defaults in the generator, and “sale exceptions”, read the guide here.
If your processing activities constitute as sale (as mentioned above) under the CCPA, and this processing potentially includes the personal information of minors, you will need to make some additional disclosures by selecting from the following services within the generator.
Please note that 2) and 3) are not mutually exclusive, they can be used at the same time. Additionally, be sure to review your processes to ensure that you meet CCPA requirements regarding minors.
If you run a business that doesn’t operate exclusively online and has a direct relationship with the user, then you must indicate “two or more designated methods” for submitting CCPA requests. One of these methods must be a toll-free telephone number. You can easily add this information via the “Owner field” within the generator.
The CCPA also requires the following:
In addition to the above information, you can find a summary of the changes introduced to meet CCPA requirements here.
Once activated and saved within the generator, your embedded privacy policy is automatically updated with the CCPA text – no need to re-integrate the code on your site!
Want to learn more about the CCPA and its full requirements? Read the How to Comply section of our detailed CCPA guide.