What’s this all about? Generally, this is a CPRA/CCPA article. There is a great summary by Reflectiz @ https://www.reflectiz.com/blog/cpra-vs-ccpa/
Doing business in Europe? GDPR is another story: https://compleye.io/articles/10-gdpr-requirements-you-must-know-in-2024/
Whether a business has information from over 100K devices from California or not, trust can be gained from site visitors by ensuring the privacy policy is up to date.
1. Provide details about the business location and administrative phone/email
2. Provide details about tech in place
3. Include links to change cookie settings Include a link or email address for data requests, if any is being kept
This step should also include acquiring legal advice. We don’t provide legal advice.
WHY DO IT?
3 red flags for any vigilante whistleblower type:
1. Privacy policy dated before 2024
2. Can’t opt out of tracking/targeting cookies and methods directly
3. Can’t request, change, or delete data
Take care of these three things!
DO YOU QUALIFY FOR ENFORCEMENT?
The answer is yes if your business does any ONE of the following:
1. $25MM revenue
2. Over half of rev is from “selling data” / ads
3. Has data on 100K devices or more
HOW DO IT?
1. Fix the opt-out capability on the website through DNS, CMS, GTM, etc. Or, utilize SaaS like Didomi or Ketch (full disclosure, they are partners)
2. Add a link to a form where data requests can be made, or at least an email address
3. Then, update that privacy policy :)
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article