CCPA Cookie Consent
The EU’s regulations on personal data collection and processing are perhaps the world’s strictest. However, the US followed suit and introduced the California Consumer Privacy Act (CCPA), a state-wide data privacy law.
The CCPA protects Californian residents’ data from privacy violations. Like GDPR, the CCPA also regulates the use of cookies that sell personal information (or data). However, there is a key difference between both laws when it comes to using cookies. Let us look at what CCPA cookie consent is all about and what it entails.
* Free 14-day trial. Cancel anytime.
Are cookies personal information under CCPA?
Cookies are classified as ‘unique identifiers,’ which is part of personal information. Information collected by cookies can be used to identify users or the devices linked to them.
Therefore, like GDPR, the CCPA also regulates the use of website cookies.
Does CCPA require cookie consent?
The CCPA does not require that a business obtain user consent for collecting and processing their personal information. However, if they collect and sell the personal information of users to third parties, it must give users the right to opt-out of the sale of personal information.
Consent is necessary for certain circumstances like information transfer or collecting and using the personal information of minors (below 16 years of age).
Therefore, cookie consent is not a mandatory requirement for CCPA compliance. The only requirement is to provide an opt-out for cookies that sell the personal information of users and to inform users about the use of cookies.
Is your website compliant with GDPR and CCPA?
Scan your website for cookies and find out.
* Free 14-day trial. Cancel anytime.
Is cookie consent required in the US?
The CCPA applies to businesses that serve the California residents and as per the Act, consent is not required to use cookies. However, if the cookies sell the collected personal information to other businesses, then users have the right to opt-out of it if they wish.
The US had other privacy laws like Virginia CDPA for protecting the rights and interests of Virginia residents. It also does not require consent for data processing unless its sensitive data or for purposes other than what was disclosed to users.
Another possibility where cookie consent is required in the US if the US-based website provides products and services to EU residents and collects and processes their personal data via cookies. In that case, the site has to comply with the GDPR cookie consent requirements.
What are the requirements for CCPA compliance for cookies?
The CCPA encourages opt-out model for regulating data processing unlike GDPR that emphasizes both opt-in and opt-out approach. For CCPA cookie compliance, the websites must provide an opt-out option for denying consent to use cookies that collect and sell users’ personal information.
Opt-in or asking consent isn’t mandatory unless you cater to consumers under the age of 16 years old.
To comply with CCPA for cookies, it is necessary to follow these practices:
- Provide “Do Not Sell My Personal Information” link on the consent banner for opting out of the sale of personal information (also on the website, preferably in the footer).
- A detailed privacy/cookie policy that discloses details about the use of cookies and their purpose.
- Provide the link to the privacy or cookie policy on the cookie banner.
- Wait at least 12 months before notifying about cookies again if the user opts out.
How do I enable CCPA compliance for cookies?
Setting up CCPA compliance for cookies requires you to first identify the type of cookies your website uses. If you use non-essential cookies that collect and sell personal information and track users, you must let users opt-out of it.
You can set up a consent banner or pop-up on your website to inform about cookies and provide the opt-out option. The banner, as stated above, must inform users about cookies and their purpose in easy-to-understand language.
Setting up a CCPA-complying cookie notification is not easy. However, you can automate it using a free consent management platform like CookieYes. CookieYes is a web application for collecting and managing cookie consent on your website. With the application, you can cater to all the requirements of the CCPA for cookies using its host of features.
CookieYes cookie consent manager offers the following features:
- Easy integration with WordPress and other major CMS such as Shopify, Wix, Squarespace, etc.
- Fully customizable consent notice
- Cookie scanning and auto-categorization of cookies
- Auto-blocking of third-party cookies before consent
- Do Not Sell My Personal Information (editable) link on banner.
- Consent revisit widget
- Auto-translation of the banner to 30+ languages
- Consent logging
- Geo-targeted banner for US/California visitors
- Free privacy policy and cookie policy
And much more!
Sign up for free
Explore all these amazing features to make your website GDPR compliant for cookies.
* Free 14-day trial. Cancel anytime.