I’ll keep this brief. If the following applies then YES.
This is not legal advice but based on my own research.
CCPA & Facebook Ads – Does it Apply To You?
CCPA applies if you collect data from Californian residents and:
- have annual gross revenue of more than $25 million USD
- annually buy, receive for a “commercial purpose”, sell, or share for “commercial purposes”, the personal information of 50,000 or more California consumers, households, or devices; or
- derive 50% or more annual revenue from selling California consumers’ personal information.
Point 1) is a generic revenue number. If you make more than $25M but only have a few thousand CALI customers or visits it still applies.
Point 2) goes for any data collection, from what I understand, whether just about IP and device, or email and home address.
Point 3) I believe is, for example, if you’re collecting emails via lead gen, then ‘renting’ those lists to 3rd parties this is an act of selling personal info.
I went deep into understanding GDPR so to answer a few common questions from there which can apply to CCPA:
- How would the authorities catch me based on the above? It’s important to know GDPR and CCPA are reactive directives and regulations. Meaning, that at the point where a breach is discovered, for example, a customer complains that you sold their data and an investigation is made, then you’ll be found out. So this is about doing the right thing to protect yourself in the event something goes wrong.
- What should I do with the Facebook pixel? If you’re confident the above doesn’t apply then head into your pixel settings and enable tracking for California. Just know that whether you’re CCPA compliant or not, without firm legal advice, you take on 100% risk of this decision.
- Others haven’t done anything so does it matter? As with GDPR, there’s some open interpretation. As with GDPR, some won’t implement, others will go overboard. What’s right for you will depend on the above, your interpretation and your level of risk acceptance.
If you’re confident you don’t fall into any of those then you can reenable the FB pixel and any other website apps using cookies, for California.
However, if you believe you fall into at least one of those categories above, then you need to take action.
The action required is MORE than just asking for cookie permission, it goes deeper into how you store and record data, who’s responsible, who has access and more.
At that level, you’re better off getting proper advice – if you’re doing above $25M in revenue you’d likely have a legal counsel anyway and be in a stronger position to make the right decisions for your business.
- Simple explainer on what it is and how it affects consumers: https://www.salecycle.com/blog/strategies/what-is-ccpa-and-how-does-it-affect-ecommerce/
- Shopify Whitepaper: https://help.shopify.com/pdf/CCPA-whitepaper.pdf
- Explainer from BigCommerce: https://support.bigcommerce.com/s/article/Intro-to-CCPA (where the attached image was taken from)
Please add your views and thoughts below to enrich this post for all.