What Rights Does the CCPA Provide to Consumers?

What Rights Does the CCPA Provide to Consumers?

Table of Contents

The California Consumer Privacy Act (CCPA) is a landmark in consumer rights regulation, the first of its kind in the USA. It aims to give consumers greater control over how their personal data is collected and used by businesses. 

CCPA is built around certain rights that enable consumers to see, correct, delete and control their data. Let’s look at the seven key rights embodied within CCPA.

What are the seven rights given to consumers by the CCPA?

The CCPA is built around key rights that consumers have to exercise control over their personal data. The legislation applies to most for-profit businesses handling the personal information of California residents.

The California Privacy rights Act (CPRA) amends the CCPA,  adding  rules for businesses that sell personal information – find out more about the differences between CCPA and CPRA here.

These are the seven consumer rights set out by CCPA (as amended by the CPRA):

1.Right to know about personal information collected by a business 

2.Right to know how personal information is used and shared

3. Right to delete personal information collected about you (subject to a few exceptions)

4. Right to opt out of sale or sharing of personal information

5. Right to non-discrimination for exercising CCPA rights

6. Right to correct inaccurate personal information that a business holds

7. Right to limit the use and disclosure of sensitive personal information

1. Right to know about personal information collected by a business

Consumers must be told what personal information is being collected, and for what purpose, at the point of collection. This notice should be provided every time a business begins to collect new forms of personal information, and if data starts to be used for a new purpose. 

While confirming what data is collected, businesses should also inform the consumer of their right to request deletion of the data. 

Consumers are given the right to request a portable (easily accessible) copy of all personal information a business has collected on them in the preceding 12 months. 

To comply with a request, a business should confirm the categories of sources for personal information that have been collected, the purpose of collection, the categories of third parties the data has been shared with, and the specific pieces of personal information that has been collected. 

There should be two ways to request disclosure (eg phone line and email) and it should be made without charge. 

2. Right to know how personal information is used and shared

Consumers should be informed when an organization sells or shares the personal information they have collected about them. 

Whenever an organization intends to collect personal information, the ways in which this will be used should be stated – including where it will be sold or shared. This enables users to opt out of the sale or sharing of the consumer’s personal information.. 

3. Right to delete personal information collected about you (subject to a few exceptions)

Residents of California can lodge a consumer request that a business delete all personal information that has been collected about them in the preceding 12 months. The business will need to verify the identity of the consumer to comply with the request. 

If third party service providers are used, they should also be required to delete the consumer’s personal information. There are a few exceptions to this right, for example where personal information is kept in order to protect public security, for free speech reasons or to comply with legal obligations.

4. Right to opt out of sale or sharing of personal information

Residents of California can request that a business does not sell their personal information to third parties. To enable consumers to exercise this right, businesses should have an easily-accessible ‘do not sell my personal information’ link on their websites for consumers to select. 

Businesses must not require consumers to set up an account in order to opt out of third-party data sales, but those with existing accounts may be asked to opt out using their account.

5. Right to non-discrimination for exercising CCPA rights

Businesses are not allowed to treat consumers any differently based on their choices about how their personal data is handled. For example, if a consumer refuses permission for their personal data to be sold to third parties, this should not result in a lower level of service or higher prices.

On the other hand, CCPA does permit businesses to offer financial incentives for goods and services where this is reasonably related to the value provided by consumer data.

6. Right to correct inaccurate personal information that a business holds

Consumers have the right to correct any information held about them that they believe to be incorrect. 

7. Right to limit the use and disclosure of sensitive personal information

Sensitive personal information is data that divulges something that could be identifying, harmful or damaging to an individual. This includes social security numbers, driver’s licence number, bank account details, exact geolocation, genetic data, racial origin, sexuality, religious faith or union membership. 

This data is restricted to being used only where necessary for providing products or services to consumers. Businesses are required to notify consumers before using this type of data and consumers must be given the right to opt out.

Are you CCPA compliant?

Businesses face a challenge in ensuring their websites and systems are CCPA compliant without impacting user experience or functionality. However, breaches of the CCPA can be penalized by the California Attorney General by fines of up to $7,500 per breach – so it’s important to be compliant. 

CCPA is not the only legislation companies need to understand. The EU’s General Data Protection Regulation (GDPR) has similar requirements to CCPA – but with some important differences. 

CookieHub can help you to understand cookie banner requirements and implement the rules so you are compliant but also offer a smooth, positive experience for your customers. Get in touch with us to discuss your requirements.

Sales & Support