In recent years, many online business owners have taken steps to comply with privacy laws and regulations.
The biggest change for many website owners came with the introduction of the General Data Protection Regulation (GDPR) in 2018. When the GDPR entered into force in the EU, online businesses had to implement cookie banners that they asked visitors from the EU for their consent to join. drop cookies.
This was because the regulation introduced rules on how companies could compile user data, something that many websites do through cookies. Specifically, the legislation says that companies can only compile data once they have received valid consent from the user. Fortunately, many GDPR compliance WordPress plugins were released along with some core WordPress updates to make it easy to keep track of the rules.
Since the GDPR came into force, many other countries and states have created their own regulations. One such set of rules is the California Consumer Privacy Act (CCPA), a privacy regulation that will affect businesses with customers in California (which we compared in our post GDPR vs CCPA).
Although collecting consent to place cookies was a major change that websites had to make to comply with GDPR, the biggest challenge for websites in CCPA is the Do not sell part of the regulation.
In this post, we will see what the Do Not Sell rule is and how WordPress users can use a simple plugin to comply with the following CCPA regulation.
What is the CCPA and the no-sell rule?
The CCPA will go into effect on January 1, 2020. The regulation affects how companies, including those that operate entirely online, can compile and process data from Californians. For website owners, this will affect how they can use cookies and other online trackers to compile user data.
the Do not sell The standard is a key part of the regulation. It defines that companies must give consumers the option to exclude themselves from the sale of their personal data.
Specifically, the regulation says that companies must:
- Have a page on your web portal titled "Do not sell my personal information." On this page, California consumers can choose not to participate in the sale of their personal data.
- The company must clearly link to the "Do not sell my personal information" website from the home page.
- The web portal must describe the consumer's rights to opt out of the sale of personal data and provide a link to the "Do not sell my personal information" page in its privacy policy.
- Once a user requests that a company not sell their personal information, the company must respect this decision for a minimum of 12 months.
- In short, websites must have a way of showing that they are honoring these customer requests.
Businesses and website owners should put processes in place to help them comply with the above guidelines.
Those who fail to comply with the regulations risk being fined up to $ 7,500 for intentional violation and $ 2,500 for each unintentional violation.
What is a Do Not Sell button?
A Do Not Sell button is a floating button that website owners can add to their web portal to allow visitors to opt out of the sale of their personal information and direct them to key pages such as "Do not sell my personal information." page.
A Do Not Sell button is just one piece of a more extensive solution to help website owners meet Do Not Sell requirements.
A complementary element of Do Not Sell is the CookiePro Consumer Rights Administration solution. The answer helps website owners to create CCPA compliant web forms that they can add to the "Do not sell my personal information" button and dedicated page. Visitors to the web portal can use these forms to opt out of the sale of their personal data. CookiePro then processes these requests and, through synchronization with other technologies in use on its web portal, stops the sale of data to consumers who have opted out.
Do I need a CCPA Don't Sell button?
To understand whether you require a Do Not Sell button, you will first need to establish whether your business is subject to the CCPA and whether your business sells personal data. If it meets both requirements, it requires a Do Not Sell button.
The CCPA affects companies that collect data from California residents, regardless of whether the company is based in the state or not. However, unlike GDPR that affects all companies operating in the area, companies will only be subject to CCPA if they meet one of the following three requirements:
- If they originate $ 25 million in annual income.
- If they collect, buy, receive or sell the information of more than 50,000 Californians in one year.
- If they obtain 50% or more of their income from the sale of personal data of Californians.
These may seem quite high requirements. However, when you consider that IP address and online identifiers count as personal data, it is actually quite easy for websites to reach the threshold. It just requires compiling data from 137 California web portal visitors per day to reach the annual total.
At the same time, it is not just the cookie data that is subject to CCPA regulations. Other types of personal data mentioned by the regulation include anything that "identifies, is related to, describes, may be associated with, or may be reasonably related, directly or indirectly, to a particular consumer or household."
This includes names, addresses, online identifiers, IP addresses, social security numbers, passport numbers, etc. You must include these data points in your calculations to establish whether you must comply with the CCPA.
The next step is to find out if your company sells the personal data it collects. For businesses, like data brokers, this will be obvious. However, there are many other companies where it may be less clear.
In part, this boils down to the CCPA's definition, which considers a "sale" to be simply any form of disclosure of personal information. CCPA establishes the sale as:
"Sell", "sell", "sell" or "sell" means to sell, rent, release, disclose, disseminate, make available, transfer or otherwise communicate orally, in writing, or by electronic or other means, The personal information of the company to another company or a third party for monetary or other purposes.
This definition means that online publishers or websites that provide visitor data to advertisers to display personalized ads could be categorized as sales data.
When online publishers sell advertising space, they often share information about the user who is currently on the web portal with third parties, including ad networks and exchanges. This allows the advertiser to show their ads to users who they think will be interested in their products.
Due to the above definitions of "Sale" and "Personal Data", this practice is likely to be considered sale, which means that websites that use targeted advertisements may have to offer users the option to opt out of the sale of your data.
If this seems like something your web portal does, you may need a Do Not Sell button to avoid regulatory issues.
How to use CookiePro to add a Do Not Sell button to your web portal
The easiest way to add a Do Not Sell button to your web portal is to use a plugin (such as the one provided by CookiePro) that will take care of the entire procedure for you. CookiePro's Do Not Sell plugin was developed specifically for WordPress sites. Here are instructions to implement it on your web portal.
- Install and activate the CookiePro Do Not Sell plugin on your WordPress web portal.
- Once activated, the CookiePro CCPA plugin will appear in the left navigation of your WordPress dashboard.
- Customize your Do Not Sell button and modal.
Optional: Copy and paste the CookiePro Consumer Rights form link in CookiePro CCPA plugin - Click save and publish.
Once you have installed the plugin, California visitors will see a button with a link to the Do not sell my personal information page when they visit your web portal.
When the visitor clicks the button, they can choose not to receive personalized ads or submit a consumer rights request to ensure that other technologies on their web portal do not sell customer data.
The CCPA adds a new layer of compliance that many sites will need to know about. Check the conditions listed above, and if your site meets any of them, you'll want your Don't Sell button added soon. You have until January 1, 2020 to make updates to your site and avoid penalties. But luckily, with WordPress this can be as simple as installing a plugin.
If your online business is subject to CCPA and you want to implement a Do Not Sell button on your web portal, Click here for more information on how CookiePro can help your business comply with the CCPA and other privacy regulations.
