{"id":9369,"date":"2025-07-23T13:52:15","date_gmt":"2025-07-23T12:52:15","guid":{"rendered":"https:\/\/lawwwing.com\/?p=9369"},"modified":"2025-07-22T14:33:25","modified_gmt":"2025-07-22T13:33:25","slug":"is-your-website-compliant-with-the-ccpa-and-cpra-a-legal-guide-for-ecommerce","status":"publish","type":"post","link":"https:\/\/lawwwing.com\/en\/is-your-website-compliant-with-the-ccpa-and-cpra-a-legal-guide-for-ecommerce\/","title":{"rendered":"Is your website compliant with the CCPA and CPRA? A legal guide for eCommerce"},"content":{"rendered":"\n

California has set a new standard in data privacy with two key laws: the CCPA<\/strong> and its expansion, the CPRA<\/strong>. If you operate a website or online store that reaches users in the U.S., this guide is for you.<\/p>\n\n\n\n

<\/p>\n\n\n\n

What are the CCPA and CPRA?<\/h2>\n\n\n\n

The California Consumer Privacy Act (CCPA)<\/strong> came into effect on January 1, 2020. The California Privacy Rights Act (CPRA)<\/strong> expands and amends it and has been applicable since January 1, 2023<\/strong>, with retroactive scope from January 2022.<\/p>\n\n\n\n

Law<\/th>Effective Date<\/th>Enforcement Start<\/th><\/tr><\/thead>
CCPA<\/td>January 1, 2020<\/td>July 1, 2020<\/td><\/tr>
CPRA<\/td>January 1, 2023<\/td>July 1, 2023<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Who does it apply to?<\/h2>\n\n\n\n

The CCPA\/CPRA applies to any for-profit business that meets one or more of the following thresholds:<\/p>\n\n\n\n

    \n
  • Has annual gross revenue over $25 million<\/strong><\/li>\n\n\n\n
  • Buys, sells, or shares personal data of 100,000 or more consumers, households, or devices<\/strong><\/li>\n\n\n\n
  • Derives 50% or more of annual revenue<\/strong> from selling or sharing personal data<\/li>\n<\/ul>\n\n\n\n

    Legal reference:<\/strong> \u00a71798.140(d) CCPA<\/p>\n\n\n\n

    <\/p>\n\n\n\n

    What rights do consumers have under CCPA\/CPRA?<\/h2>\n\n\n\n
      \n
    • Right to know<\/strong> what personal information is collected (\u00a71798.110)<\/li>\n\n\n\n
    • Right to delete<\/strong> personal information (\u00a71798.105)<\/li>\n\n\n\n
    • Right to correct<\/strong> inaccurate data (new under CPRA) (\u00a71798.106)<\/li>\n\n\n\n
    • Right to limit the use<\/strong> of sensitive personal information (\u00a71798.121)<\/li>\n\n\n\n
    • Right to opt-out<\/strong> of the sale or sharing of personal data (\u00a71798.120, \u00a71798.135)<\/li>\n\n\n\n
    • Right to non-discrimination<\/strong> for exercising privacy rights (\u00a71798.125)<\/li>\n<\/ul>\n\n\n\n

      <\/p>\n\n\n\n

      Key business obligations under CCPA\/CPRA<\/h2>\n\n\n\n

      1. Privacy Policy<\/strong>
      You must publish a clear, updated privacy policy that explains what data you collect, how it\u2019s used, and how consumers can exercise their rights.<\/p>\n\n\n\n

      Reference: \u00a71798.130(a)(5)<\/em><\/p>\n\n\n\n

      2. \u201cDo Not Sell or Share My Personal Information\u201d Notice<\/strong>
      You must provide a visible mechanism (link or banner) allowing users to opt out of the sale or sharing of their personal information.<\/p>\n\n\n\n

      Reference: \u00a71798.135<\/em><\/p>\n\n\n\n

      3. Handle Consumer Requests<\/strong>
      You are required to offer at least two communication channels (e.g. web form and email) so users can submit data access, correction, or deletion requests.<\/p>\n\n\n\n

      Reference: \u00a71798.130(a)<\/em><\/p>\n\n\n\n

      4. Consent for Sensitive Personal Information<\/strong>
      Under the CPRA, you must obtain specific consent to use data like precise geolocation, health info, biometric data, etc.<\/p>\n\n\n\n

      Reference: \u00a71798.121<\/em><\/p>\n\n\n\n

      5. Third-Party Data Processing Agreements<\/strong>
      You must have compliant contracts with all vendors who process personal data on your behalf to ensure they meet CCPA\/CPRA requirements.<\/p>\n\n\n\n

      Reference: \u00a71798.140(ag)<\/em><\/p>\n\n\n\n

      <\/p>\n\n\n\n

      How does this affect websites and eCommerce?<\/h2>\n\n\n\n

      If your website:<\/p>\n\n\n\n

        \n
      • Uses tracking cookies for advertising or analytics<\/li>\n\n\n\n
      • Collects user data via forms (e.g. email, name, phone)<\/li>\n\n\n\n
      • Shares data with platforms like Google Ads, Meta, Mailchimp, etc.<\/li>\n\n\n\n
      • Targets or sells to users located in California<\/li>\n<\/ul>\n\n\n\n

        Then you are required to comply with CCPA and CPRA regulations.<\/p>\n\n\n\n

        <\/p>\n\n\n\n

        What happens if you don't comply?<\/h2>\n\n\n\n
          \n
        • Fines of up to $2,500 per unintentional violation<\/strong><\/li>\n\n\n\n
        • Up to $7,500 per intentional violation<\/strong><\/li>\n\n\n\n
        • Risk of class action lawsuits<\/strong> if consumer data is leaked due to negligence<\/li>\n<\/ul>\n\n\n\n

          Reference: \u00a71798.155<\/em><\/p>\n\n\n\n

          <\/p>\n\n\n\n

          How to make your website compliant<\/h2>\n\n\n\n
            \n
          • \u2611\ufe0fReview and update your privacy policy<\/li>\n\n\n\n
          • \u2611\ufe0fDisplay a cookie banner with opt-out options<\/li>\n\n\n\n
          • \u2611\ufe0fAdd a visible \u201cDo Not Sell or Share\u201d link<\/li>\n\n\n\n
          • \u2611\ufe0f Implement forms for access, deletion, and correction requests<\/li>\n\n\n\n
          • \u2611\ufe0f Review contracts with your service providers<\/li>\n\n\n\n
          • \u2611\ufe0f Audit cookies, tracking technologies, and data flows<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

            California has set a new standard in data privacy with two key laws: the CCPA and its expansion, the CPRA. If you operate a website or online store that reaches users in the U.S., this guide is for you. What are the CCPA and CPRA? The California Consumer Privacy Act (CCPA) came into effect on […]<\/p>\n","protected":false},"author":10,"featured_media":9370,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[336],"tags":[],"class_list":["post-9369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cmp-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/9369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/comments?post=9369"}],"version-history":[{"count":1,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/9369\/revisions"}],"predecessor-version":[{"id":9373,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/posts\/9369\/revisions\/9373"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/media\/9370"}],"wp:attachment":[{"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/media?parent=9369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/categories?post=9369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lawwwing.com\/en\/wp-json\/wp\/v2\/tags?post=9369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}