Back to Glossary

California Consumer Privacy Act (CCPA) Defined

The California Consumer Privacy Act (CCPA) is a comprehensive privacy law aimed at enhancing privacy rights and consumer protection for residents of California. The CCPA was passed in June 2018 and became effective on January 1, 2020.

Among the many protections outlined in the CCPA, consumer data rights, opt-out rights, and non-discrimination policies take center stage.

The CCPA holds significant importance in the modern digital age due to its profound impact on safeguarding individuals' privacy and granting consumers greater control over their personal information. The goal of the CCPA is to place privacy at the forefront of online business, fostering transparency and trust between brands and their customers. The law compels businesses to disclose their data practices and be more accountable for the information they collect and share, encouraging responsible data handling.

How to Use it in a Sentence

The California Consumer Privacy Act (CCPA) serves as a model for other privacy regulations worldwide, promoting discussions around data protection and influencing the adoption of similar laws to protect individuals' digital rights.

Common California Consumer Privacy Act FAQs

On January 1st, 2023 the CCPA was officially amended by the ​​California Privacy Rights Act (CPRA), which strengthened many of the protections set forth in the original act.

The amendment gives consumers the right to limit businesses’ ability to collect, use, and share private information like social security numbers, driver’s license numbers, financial account numbers, and more.

The CPRA also created a “California Privacy Protection Agency” tasked with regulation enforcement and tripled the penalty for mishandling children’s information.

Discover more information on the CPRA and a full list of changes.

The CCPA covers a broad range of personal information, which includes but is not limited to identifiers such as names, email addresses, postal addresses, and IP addresses. It also covers unique online identifiers, geolocation data, biometric information, browsing and search history, consumer preferences, purchase history, and any inferences drawn from the above data.

The CCPA applies to businesses that meet one or more of the following criteria:

1 . Annual Gross Revenue: Businesses with an annual gross revenue of $25 million or more in the preceding calendar year.

2. Personal Information Threshold: Businesses that buy, receive, sell, or share the personal information of 50,000 or more California residents, households, or devices annually.

3. 50% Revenue from Personal Information: Businesses that derive 50% or more of their annual revenues from selling the personal information of California residents.

4. Parent Company or Subsidiary: The CCPA also applies to any entity that controls or is controlled by a business that meets the above criteria and that shares common branding with that business.

The CPRA maintains the same criteria as the CCPA but adds a new category for businesses that handle the personal information of 100,000 or more consumers or households, broadening the scope of covered entities.

It's important to note that even if a business is not physically located in California, it may still be subject to the CCPA if it meets any of the criteria mentioned above and collects or processes personal information of California residents.

OneSignal is officially Privacy Shield Certified, bringing world-class security to our entire OneSignal family. Among the security features included are two-factor authentication, email updates for account changes, user authentication key reset, and bad password prevention.

To read more about how these security measures keep your data safe, read our OneSignal security announcement.

Learn more about OneSignal’s Privacy Policy and the steps we take to protect user data.