‘California Consumer Privacy Act’ Impacts Ecommerce Firms

The California Consumer Privacy Act raises the bar for privacy protection in America. The act serves up penalties for companies that fail to comply or that incur a data breach.

Passed and amended in 2018, the CCPA takes effect on January 1, 2020.

The law was known as”GDPR lite” because of its similarities to the European Union’s General Data Protection Regulation. While it doesn’t go so far as the GDPR in some places and is less complicated, the CCPA does provide relatively broad definitions in different locations, like expanding the GDPR notion of the right to delete information.

The law was known as”GDPR lite” because of its similarities to the European Union’s General Data Protection Regulation.

The CCPA is a substantial step toward protecting consumer information, including the private information most every ecommerce provider collects.

Beyond California

An ecommerce business doesn’t need to be found in California to be subject to the CCPA. Rather, the legislation covers California residents even if they purchase online. Thus, an ecommerce store based in Michigan would still be subject to the CCPA if it offered goods to a shopper living in California.

You will find comparable precedents in both the GDPR and in U.S. online sales taxes. In the case of the former, even U.S.-based sites have to comply with the GDPR for E.U. residents. And at the latter, a Wisconsin-based omnichannel merchant, as an instance, may still must collect sales tax for the state of California when a California resident purchases online.

So it is not surprising that an ecommerce company that sells to California residents is subject to some California laws.


The CCPA sets thresholds to protect small and midsize businesses. A company is only subject to the CCPA if It’s for-profit and if it matches at least one of the following three thresholds:

  • Annual earnings above $25 million,
  • Handles”the private information of 50,000 or more customers, households, or apparatus,”
  • “Derives 50 percent or more of its yearly revenue from selling customers’ personal information.”

The thresholds function to exempt many ecommerce companies. Most don’t derive half or more of the revenue from selling shoppers’ personal information. Likewise, many ecommerce companies have less than $25 million in annual sales.

The threshold which may impact ecommerce businesses most often is your 50,000-consumer rule. This could apply to each site visitor, irrespective of whether he made a purchase. And the amount, 50,000, translates into an average of just 137 unique visitors each day. An ecommerce firm with vigorous pay-per-click advertising campaigns could easily drive over 137 daily unique visitors.

Privacy Rights

The”Californians for Consumer Privacy” site makes salient points concerning the purpose of the CCPA.

  • California’s customers own and control their personal information.
  • Firms are responsible for protecting personal information.
  • Large businesses are accountable (may pay penalties ) for failure to protect private information.

These theories lead to five personal information rights. Especially, a California resident has a right to:

  • Access their personal information,
  • Have personal information deleted,
  • Know what personal information a company has accumulated or marketed,
  • Opt-out or opt-in, and not be emptied after picking out,
  • Not having their personal information revealed.

Each of those rights may require businesses, including ecommerce companies, to alter or adapt notifications, reporting, and answers.

Our technology services : Magento posshopify posbigcommerce poswoocommerce pos

GDPR Precedent

Complying with the CCPA might be relatively easy due to the GDPR. When there are differences in definitions and requirements, companies that have worked to obey the GDPR ought to be well-positioned to follow the CCPA.

By way of instance, an ecommerce company that has established the means for receiving and responding to complaints under the GDPR might just have to make minor changes for the CCPA. Likewise, these companies must have policies to report the personal data collected in compliance with the GDPR. While the CCPA has a wider definition of personal information compared to GDPR, the procedure for reporting is comparable.

Even ecommerce companies which did not need to abide by this GDPR will benefit from associated software tools and services because lots of these services and tools can be readily adapted to the CCPA.

Ecommerce companies should take some opportunity to ascertain whether the CCPA applies. In that case, do further research. Learn what the CCPA requires.

Leave a Reply

Your email address will not be published.