CCPA
E84603
CCPA (California Consumer Privacy Act) is a California state law that grants consumers enhanced rights over their personal data and imposes transparency and data-handling obligations on businesses.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| California Consumer Privacy Act | 1 |
Statements (54)
| Predicate | Object |
|---|---|
| instanceOf |
California state law
ⓘ
consumer protection law ⓘ data privacy law ⓘ |
| allowsPrivateRightOfAction | yes, for certain data breaches ⓘ |
| amendedBy | California Privacy Rights Act ⓘ |
| appliesTo |
businesses meeting certain revenue or data-processing thresholds
ⓘ
businesses that collect personal information of California residents ⓘ businesses that determine the purposes and means of processing personal information ⓘ businesses that do business in California ⓘ for-profit businesses ⓘ |
| civilPenalties |
up to 2,500 USD per violation
ⓘ
up to 7,500 USD per intentional violation ⓘ |
| codeSections | 1798.100–1798.199 ⓘ |
| codifiedIn |
California Codes
ⓘ
surface form:
California Civil Code
|
| country |
United States of America
ⓘ
surface form:
United States
|
| definesTerm |
business
ⓘ
consumer ⓘ sale of personal information ⓘ service provider ⓘ |
| effectiveDate | 2020-01-01 ⓘ |
| enactedBy | California State Legislature ⓘ |
| enforcedBy |
Attorney General of California
ⓘ
surface form:
California Attorney General
|
| enforcementStartDate | 2020-07-01 ⓘ |
| fullName |
CCPA
self-linksurface differs
ⓘ
surface form:
California Consumer Privacy Act
|
| geographicScope | California residents ⓘ |
| grantsRight |
right to access personal information
ⓘ
right to deletion of personal information ⓘ right to know categories of third parties with whom personal information is shared ⓘ right to know purposes for collecting or selling personal information ⓘ right to know sources of personal information ⓘ right to know what personal information is collected ⓘ right to non-discrimination for exercising CCPA rights ⓘ right to opt out of the sale of personal information ⓘ right to receive notice at or before the point of data collection ⓘ |
| jurisdiction |
California, United States
ⓘ
surface form:
State of California
|
| obligates |
businesses that sell personal information to include a Do Not Sell My Personal Information link
ⓘ
businesses to disclose categories of personal information collected ⓘ businesses to disclose categories of personal information sold or disclosed for a business purpose ⓘ businesses to disclose purposes for which personal information is used ⓘ businesses to implement processes for consumer requests ⓘ businesses to provide at least two methods for submitting consumer requests ⓘ businesses to provide privacy notices ⓘ businesses to respond to verifiable consumer requests within specified timeframes ⓘ |
| primaryPurpose | enhance privacy rights and consumer protection for residents of California ⓘ |
| privateRightOfActionScope | unauthorized access and exfiltration, theft, or disclosure of certain personal information due to failure to implement reasonable security procedures ⓘ |
| relatedTo | GDPR ⓘ |
| sectorScope | general, not sector-specific ⓘ |
| signedBy | Jerry Brown ⓘ |
| signingDate | 2018-06-28 ⓘ |
| statutoryDamagesRange | 100 to 750 USD per consumer per incident ⓘ |
| subjectMatter | personal information ⓘ |
| threshold |
annual gross revenues in excess of 25 million USD
ⓘ
buys, receives, sells, or shares personal information of 50,000 or more consumers, households, or devices per year ⓘ derives 50 percent or more of annual revenues from selling consumers’ personal information ⓘ |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
California Consumer Privacy Act