The California Consumer Privacy Act of 2018 (CCPA) is a law that addresses the privacy rights of California consumers. If you do business in California, including operating a website that's accessible to California residents, you may need to comply with the CCPA by January 1, 2020.
This law extends specific notice, disclosure, and opt-out rights to California consumers for personal information. This includes information that a business collects, discloses for a business purpose, and/or sells to a third party, as well as specific access to this information, and a right to request deletion of the personal information held by a business.
- The CCPA definitions of “personal information” and “sale” are broad and cover a wide range of information and activities you may not expect.
- If your business “sells” the “personal information” of a California “consumer” (as defined by the CCPA), you must include a link on your website that states “Do Not Sell My Personal Information” to allow California residents the right to opt-out of the sale of personal information.
- The “Do Not Sell My Personal Information” link is sometimes referred to as a DNS link.
- Plan on posting a DNS link on your website? Let us know! We want to ensure we do not collect any personal information your customer may have opted out of.
- This law was passed at the end of June 2018 and finalized by the California State Legislature on September 13, 2019. It goes into effect on January 1, 2020.
Who This Applies To
The CCPA is a law for California consumers that certain for-profit businesses must comply with. Check if your business qualifies:
A business that meets all of the following criteria:
- A for-profit business
- Does business in California
- Collects consumer information,
- Determines how to user the consumer information.
And meets any of these criteria:
- Has an annual gross revenue of >25M.
- Buys, sells, or shares PI of at least 50k California people, households, or devices annually.
- Gets 50% or more of its annual income from selling PI.
If your business is not required to comply with CCPA, let your consumers know and disclose NextRoll as a business within the scope of the CCPA, along with a link to NextRoll’s CCPA-mandated notices and disclosures.
How NextRoll Will Comply
We will comply with the January 1, 2020 law by:
- Updating our privacy notice to have all CCPA-required notices and disclosures.
- Continuing to honor end-users’ choice to opt out of interest-based advertising, regardless of how the definition of "sale" is applied to the disclosure of personal information for advertising, marketing, and analytics.
- Requiring our customers to disclose in their Privacy Notice a section addressing California Residents and linking to our California Residents PN section (to be available sometime in October).
How You Can Comply
You know your business better than we do, but here are some tips for how you can ensure that you comply with this new privacy law.
- NextRoll’s Terms of Service require our customers to update the Privacy Notice on their website to provide notice to California residents and a link to the CCPA portion of NextRoll’s Privacy Notice by or before January 1, 2020. See Section 8.3: https://www.nextroll.com/terms.
- To discuss the “service provider” exception to the CCPA or describe the functionality of any “Do Not Sell My Personal Information” link you intend to post on your website to ensure that NextRoll can honor the opt-out you provide please reach out [not sure what resource to add here??].
- We strongly advise that you consult with an attorney or privacy professional to understand whether (and how) to comply with CCPA.