Iubenda logo
Start generating


Table of Contents

California Consumer Privacy Act (CCPA) summary

For those seeking a straightforward overview of the California Consumer Privacy Act (CCPA), your search ends here! This CCPA summary provides a concise and accessible resource to quickly grasp the key aspects of this important privacy legislation.

In this CCPA summary you’ll have a complete overview on the main definitions, requirements and rights.

CCPA summary

CCPA Overview

Let’s start from the top: the CCPA took effect on January 1st, 2020. It puts in place new requirements for processing personal information and grants Californian consumers additional rights.

The CCPA applies to any business that targets California-based consumers and collects their personal information.

But what exactly are businesses, consumers and personal information under the CCPA? 


Some of the definitions of the CCPA have been updated by the latest California Privacy Rights Act (CPRA). Learn everything you need to know in our comprehensive guide.

CCPA Summary: main definitions 

A business is any for-profit organization that collects and processes personal information, and that meets at least one of these requirements:

  • it has annual gross revenues of at least $25 million; or
  • it generates more than half of its annual income by exchanging customers’ personal information with third parties; or
  • it processes (buys, sells, receives, and shares) personally identifiable information of at least 50,000 Californians every year.

Any person who lives in California.

At the heart of CCPA is personal information, which is defined as any information that, alone or in combination with other information, can lead to a user’s identification.

Examples of personal information are: name, email address, driver’s license number, but also IP address, geolocation data and much more.

You can check the full list here.

The idea of sale is linked to the definition of personal information: sale here does not just relate to the act of trading for money, but to any activity that consists of sharing the user’s personal information for anything that might benefit the business.

More information regarding the CCPA’s idea of sale may be accessed here.

What about the rights of users?

While doing business with users in California, take into account that they have specific data privacy rights:

  • right to be informed: they have the right to know how you’re going to use their data;
  • right of access and right to portability: they have the right to access the information you have about them and to request a copy;
  • right to be deleted: they have the right to request the erasure of all the data you have about them;
  • right to opt-out: they have the right to tell a business which sells their personal information to third parties, that they must stop selling such personal information.
  • right to not be discriminated: businesses are prohibited from discriminating against consumers for exercising their rights granted under the law.
More on CCPA and CCPA compliance

This article is a part of our series on CCPA. Read also:

👉 CCPA vs GDPR: what’s the difference?

Does CCPA apply to my company?

As we mentioned above, the CCPA applies to any for-profit organization operating in California.

Please keep in mind that your business doesn’t need to be in California, it might be situated anywhere: as long as your services are available in California, you may be covered by the CCPA and must follow its rules.

💡 Take this quick quiz to find out if the CCPA applies to you.

Now that you’ve got a better idea of what the CCPA is all about, let’s go over what you might need to do to comply. 

The first thing you need is a genuine and transparent privacy policy that includes all essential disclosures about how you gather and manage personal information from users. 

It should be clearly available from your website’s or app’s homepage, clarify the mechanism through which users can make changes to their personal data, and include your contact information for CCPA requests.

Then, the CCPA requires you to display a notice that informs consumers of which categories of personal information will be collected and the purposes for the collection. Consumers must also be allowed to opt-out of this processing. 

You can find more information on how to satisfy CCPA requirements here.

What are the penalties for violating the CCPA?

Consumers have the legal right to sue firms that break the law. You may be required to pay up to $750 in damages (or cover real losses if larger) for each affected customer. 

  • If you breach the CCPA inadvertently, you can be penalized up to $2,500 for each offense. 
  • If you intentionally violate the CCPA, you might face a fine of up to $7,500 per infraction.

While these sanctions may not appear to be significant when compared to the GDPR, keep in mind that they apply per each infringement and per customer.

Learn more here.

How iubenda can help

iubenda helps you comply with the CCPA in minutes. 

Generate your privacy policy with our Privacy and Cookie Policy Generator and create your notice of collection with the Privacy Controls and Cookie Solution

Try it now, risk-free! 

See also