In recent years, many online business owners have taken steps to comply with privacy laws and regulations.
El mayor cambio para muchos propietarios de sitios Web se produjo con la introducción del General data protection regulation (RGPD) en 2018. Cuando el RGPD entró en vigor en la UE, las empresas en línea tuvieron que poner en práctica banners de cookies que solicitaban a los visitantes de la UE su consentimiento para formar parte. dejar caer las cookies.
Esto se debió a que la regulación introdujo reglas sobre cómo las empresas podían compilar datos de los usuarios, algo que hacen muchos sitios web a través de cookies. Específicamente, la legislación dice que las empresas solo pueden compilar datos una vez que hayan recibido el consentimiento válido del Username. Afortunadamente, se lanzaron muchos complementos de WordPress de cumplimiento de GDPR junto con algunas actualizaciones centrales de WordPress para simplificar el seguimiento de las reglas.
Desde que entró en vigor el RGPD, muchos otros países y estados han creado sus propias regulaciones. Uno de esos conjuntos de reglas es la Ley de Privacidad del Consumidor de California (CCPA), una regulación de privacidad que afectará a las empresas con clientes en California (que comparamos en nuestro post GDPR vs CCPA).
Although collecting consent to place cookies was a major change that websites had to make to comply with GDPR, the biggest challenge for websites in CCPA is the Do not sell part of the regulation.
In this post, we will see what the Do Not Sell rule is and how WordPress users can use a simple plugin to comply with the following CCPA regulation.
What is the CCPA and the no-sell rule?
The CCPA will go into effect on January 1, 2020. The regulation affects how companies, including those that operate entirely online, can compile and process data from Californians. For website owners, this will affect how they can use cookies and other online trackers to compile user data.
the Do not sell The standard is a key part of the regulation. It defines that companies must give consumers the option to exclude themselves from the sale of their personal data.
Specifically, the regulation says that companies must:
- Have a page on your web portal titled "Do not sell my personal information." On this page, California consumers can choose not to participate in the sale of their personal data.
- The company must clearly link to the "Do not sell my personal information" website from the home page.
- The web portal must describe the consumer's rights to opt out of the sale of personal data and provide a link to the "Do not sell my personal information" page in its privacy policy.
- Once a user requests that a company not sell their personal information, the company must respect this decision for a minimum of 12 months.
- In short, websites must have a way of showing that they are honoring these customer requests.
Businesses and website owners should put processes in place to help them comply with the above guidelines.
Those who fail to comply with the regulations risk being fined up to $ 7,500 for intentional violation and $ 2,500 for each unintentional violation.
What is a Do Not Sell button?
A Do Not Sell button is a floating button that website owners can add to their web portal to allow visitors to opt out of the sale of their personal information and direct them to key pages such as "Do not sell my personal information." page.
A Do Not Sell button is just one piece of a more extensive solution to help website owners meet Do Not Sell requirements.
A complementary element of Do Not Sell is the CookiePro Consumer Rights Administration solution. The answer helps website owners to create CCPA compliant web forms that they can add to the "Do not sell my personal information" button and dedicated page. Visitors to the web portal can use these forms to opt out of the sale of their personal data. CookiePro then processes these requests and, through synchronization with other technologies in use on its web portal, stops the sale of data to consumers who have opted out.
Do I need a CCPA Don't Sell button?
To understand whether you require a Do Not Sell button, you will first need to establish whether your business is subject to the CCPA and whether your business sells personal data. If it meets both requirements, it requires a Do Not Sell button.
The CCPA affects companies that collect data from California residents, regardless of whether the company is based in the state or not. However, unlike GDPR that affects all companies operating in the area, companies will only be subject to CCPA if they meet one of the following three requirements:
- If they originate $ 25 million in annual income.
- If they collect, buy, receive or sell the information of more than 50,000 Californians in one year.
- If they obtain 50% or more of their income from the sale of personal data of Californians.
Estos pueden parecer requerimientos bastante elevados. No obstante, cuando considera que la IP adress y los identificadores en línea cuentan como datos personales, de hecho es bastante sencillo para los sitios web alcanzar el umbral. Simplemente, solo requiere compilar los datos de 137 visitantes del portal web de California por día para alcanzar el total anual.
At the same time, it is not just the cookie data that is subject to CCPA regulations. Other types of personal data mentioned by the regulation include anything that "identifies, is related to, describes, may be associated with, or may be reasonably related, directly or indirectly, to a particular consumer or household."
This includes names, addresses, online identifiers, IP addresses, social security numbers, passport numbers, etc. You must include these data points in your calculations to establish whether you must comply with the CCPA.
The next step is to find out if your company sells the personal data it collects. For businesses, like data brokers, this will be obvious. However, there are many other companies where it may be less clear.
In part, this boils down to the CCPA's definition, which considers a "sale" to be simply any form of disclosure of personal information. CCPA establishes the sale as:
"Sell", "sell", "sell" or "sell" means to sell, rent, release, disclose, disseminate, make available, transfer or otherwise communicate orally, in writing, or by electronic or other means, The personal information of the company to another company or a third party for monetary or other purposes.
This definition means that online publishers or websites that provide visitor data to advertisers to display personalized ads could be categorized as sales data.
When online publishers sell advertising space, they often share information about the user who is currently on the web portal with third parties, including ad networks and exchanges. This allows the advertiser to show their ads to users who they think will be interested in their products.
Due to the above definitions of "Sale" and "Personal Data", this practice is likely to be considered sale, which means that websites that use targeted advertisements may have to offer users the option to opt out of the sale of your data.
If this seems like something your web portal does, you may need a Do Not Sell button to avoid regulatory issues.
How to use CookiePro to add a Do Not Sell button to your web portal
The easiest way to add a Do Not Sell button to your web portal is to use a plugin (such as the one provided by CookiePro) that will take care of the entire procedure for you. CookiePro's Do Not Sell plugin was developed specifically for WordPress sites. Here are instructions to implement it on your web portal.
- Install and activate the CookiePro Do Not Sell plugin on your WordPress web portal.
- Once activated, the CookiePro CCPA plugin will appear in the left navigation of your WordPress dashboard.
- Customize your Do Not Sell button and modal.
Optional: Copy and paste the CookiePro Consumer Rights form link in CookiePro CCPA plugin - Click save and publish.
Once you have installed the plugin, California visitors will see a button with a link to the Do not sell my personal information page when they visit your web portal.
Cuando el visitante hace clic en el botón, puede optar por no recibir anuncios personalizados o enviar una solicitud de derechos del consumidor para asegurarse de que otras tecnologías en su portal web no vendan los datos del client.
The CCPA adds a new layer of compliance that many sites will need to know about. Check the conditions listed above, and if your site meets any of them, you'll want your Don't Sell button added soon. You have until January 1, 2020 to make updates to your site and avoid penalties. But luckily, with WordPress this can be as simple as installing a plugin.
If your online business is subject to CCPA and you want to implement a Do Not Sell button on your web portal, Click here for more information on how CookiePro can help your business comply with the CCPA and other privacy regulations.
