CCPA & Global Privacy control
Last updated
Was this helpful?
Last updated
Was this helpful?
The (CCPA) gives consumers more control over the personal information that businesses collect about them and the provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:
The about the personal information a business collects about them and how it is used and shared;
The personal information collected from them (with some exceptions);
The of the sale or sharing of their personal information; and
The for exercising their CCPA rights.
In November of 2020, California voters approved , which amended the CCPA and added new additional privacy protections that began on January 1, 2023. As of January 1, 2023, consumers have new rights in addition to those above, such as:
The inaccurate personal information that a business has about them; and
The the use and disclosure of sensitive personal information collected about them.
that are subject to the CCPA have several responsibilities, including responding to consumer requests to exercise these rights and giving consumers certain . The CCPA applies to many businesses, including .
It is required under CPRA to retain a minimum amount of data that is only essential for the organization to fulfill its requirements. In addition, businesses should not keep data for longer than necessary; if they do, a justification must be presented, and they must notify the user. The criteria to Comply with CPRA remained almost the same as in CCPA, but with a slight change:
Businesses should comply if they obtain a revenue of more than $25 million or gain 50% from selling personal data.
Businesses should comply if they process data of more than 100,000 users instead of 50,000.
The California Privacy Protection Agency was created to enforce the CPRA starting July 1, 2023. It is responsible for raising awareness about data privacy and ensuring that consumers’ rights are protected while implementing penalties on non-compliant entities.
To to be compliant with CCPA, simply follow these steps:
Create a dedicated ccpa banner: use the "footer with privacy center" template
Add your text about cookies: must list the categories of personal information businesses collect about consumers and the purposes for which they use the categories of information. Don't forget to integrate a link for your cookie policy.
Add a button with this exact text : “Do Not Sell My Personal Information” This button should Optout the user (value refuse all) or open a privacy center with one category “Personalized advertisement”. Please note: this category is a requirement (must contains all tags that can sell personal information).
Integrate in your website footer a link or a button to manage consent choices
example of html code to integrate:
<a href="#" onclick="tC.privacyCenter.showPrivacyCenter();return false">privacy center</a>
Add file "well-known.json" on your site Not mandatory, but recommended, GPC makes use of .well-known identifiers for sites to signal compliance with the GPC specification. The existence of this file indicates you are using GPC as part of your compliance with privacy laws. There may be a variety of tools available to implement the .well-known file on your site.
The following is a basic example of how to specify a static folder and files for your site.
First, create a folder called .well-known at the root of your site, so that the path is yoursite.com/.well-known/. Within this folder, create a file called gpc.json. The value of the file should then look something like this, with lastUpdate set to the date you last updated the file.
{
"gpc": true,
"lastUpdate": "2025-04-20"
}
This will give you a valid GPC file which states that you comply with the GPC in the context in which you understand it.
Adopters will usually supplement the .well-known file with a statement in their privacy policy that explains exactly how they interpret the GPC within their own systems. The exact message in your privacy policy is up to you and may require review by your legal team.
The Global Privacy Control is an initiative aimed at enabling users to easily exercise their privacy preferences across multiple websites and online services. It is designed to give users more control over how their personal information is collected, used, and shared online.
The GPC operates through a browser signal or an HTTP header that users can activate to indicate their privacy preferences. When a user enables the GPC signal in their browser, it sends a request to websites and online services, indicating that the user wishes to opt out of the sale or sharing of their personal information.
Simply follow these 2 easy steps:
1 - Enable on the option Global Privacy Control directly on your CCPA Banner
2- Regenerate and Deploy your Consent Banner
Set your for at least 12 months
Enable the option on your Commanders Act privacy banner
Update your Privacy Policy: Businesses that sell personal information about California residents, or allow information to be collected on their websites or apps, need to provide information in their privacy policies about that collection or sale. The CA Attorney General has provided draft regulations on how and what information should be included in privacy policies, which you can find .
For more information, you can visit their
3 - Verify your setup! You can use a to check your implementation
