CCPA
The California Consumer Privacy Act - a state privacy law giving California residents rights over their personal data including the right to know, delete, and opt out of sale of their information.
Also known as: California Consumer Privacy Act, CPRA
Why It Matters
CCPA applies to businesses that serve California residents and meet certain revenue or data volume thresholds. It was strengthened by the California Privacy Rights Act (CPRA) which added more requirements.
For analytics, CCPA requires a "Do Not Sell My Personal Information" link, honoring opt-out requests, and disclosing what categories of personal information you collect. The definition of "sale" is broad and can include sharing data with analytics vendors.
How to Track in KISSmetrics
Implement opt-out mechanisms that integrate with KISSmetrics. Track opt-out rates to understand data coverage. Use server-side tracking and first-party data strategies to maintain analytics capabilities while respecting privacy choices.
Common Mistakes
- -Assuming CCPA is less strict than GDPR - it has unique requirements GDPR does not cover
- -Not treating analytics data sharing as a potential "sale" of personal information
- -Only adding a privacy link in the footer without actually implementing the technical opt-out
Pro Tips
- +Implement the Global Privacy Control (GPC) signal detection as required by CPRA
- +Review your analytics vendor contracts to ensure they qualify as "service providers" not "third parties"
- +Maintain a data inventory that maps every piece of personal information you collect
Related Terms
GDPR
The General Data Protection Regulation - a comprehensive EU privacy law that governs how organizations collect, process, and store personal data of EU residents.
Consent Management
The process of collecting, storing, and honoring user preferences about how their personal data is collected and used, typically through cookie banners and preference centers.
Privacy by Design
An approach that embeds data protection and privacy considerations into the design and architecture of systems and processes from the start, rather than adding them as afterthoughts.
Data Processing Agreement (DPA)
A legally binding contract between a data controller and data processor that outlines how personal data will be processed, protected, and handled in compliance with privacy regulations.
See CCPA in action
KISSmetrics tracks every user across sessions and devices so you can measure what matters. Start free - no credit card required.