California Consumer Privacy Act (CCPA) comes into effect on January 1st.

Alpha1

Alpha1

Well-known member
California's version of the GDPR comes into effect in a few days. If your site has members in California then you should review the new law. If you have already implemented GDPR measures then it seems that few changes are needed. But i suggest to examine it well, because users can sue you for breaching the CCPA.

More information here:
www.oag.ca.gov

California Consumer Privacy Act (CCPA)

Updated on March 13, 2024 The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.
www.oag.ca.gov www.oag.ca.gov
www.caprivacy.org

California Privacy Rights Act | Californians for Consumer Privacy

Californians for Consumer Privacy is the author and sponsor of Proposition 24 — the California Privacy Rights Act of 2020.
www.caprivacy.org www.caprivacy.org

California Consumer Privacy Act 2020: users can claim damages

California is the first US state who seems to be heading for a GDPR like amendment of its privacy laws. Most of the CCPA is similar to the GDPR and contains all the major elements. But it also enables consumers to claim damages for each violation. Here is the summary: Gives consumers right to...
www.theadminzone.com
 
Alfa1 said:
California's version of the GDPR comes into effect in a few days. If your site has members in California then you should review the new law. If you have already implemented GDPR measures then it seems that few changes are needed. But i suggest to examine it well, because users can sue you for breaching the CCPA.

More information here:
www.oag.ca.gov

California Consumer Privacy Act (CCPA)

Updated on March 13, 2024 The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.
www.oag.ca.gov www.oag.ca.gov
www.caprivacy.org

California Privacy Rights Act | Californians for Consumer Privacy

Californians for Consumer Privacy is the author and sponsor of Proposition 24 — the California Privacy Rights Act of 2020.
www.caprivacy.org www.caprivacy.org

California Consumer Privacy Act 2020: users can claim damages

California is the first US state who seems to be heading for a GDPR like amendment of its privacy laws. Most of the CCPA is similar to the GDPR and contains all the major elements. But it also enables consumers to claim damages for each violation. Here is the summary: Gives consumers right to...
www.theadminzone.com
Click to expand...
What measures do you think needs to be in place?
 
Based on this...

it's 50,000 in California annually... which is gonna be hard to hit for Xenforo registrations I think.

www.jdsupra.com

The CCPA's 50,000 California Resident Requirement - Easier to Meet Than It Might Seem | JD Supra

When the California Consumer Privacy Act (CCPA) takes effect in January 2020, it will grant California residents new rights regarding their personal...
www.jdsupra.com www.jdsupra.com

The CCPA applies to all types of for-profit business entities — from sole proprietorships to corporations — that meet one of three criteria: (1) the business has gross revenues in excess of $25 million; (2) the business annually buys, receives, sells, or shares the personal information of 50,000 or more California residents; or (3) the business derives 50% or more of its annual revenues from selling California residents' personal information.
Click to expand...

eh... but then goes on to say, it might be easy to hit.

Moreover, the CCPA broadly defines personal information to encompass "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." Cal. Civ. Code § 1798.140(o)(1). This includes not only the usual personal information categories such as names, addresses, Social Security numbers, and driver's license numbers, but also additional categories such as IP addresses, purchasing or consuming histories, browsing history, and information regarding a consumer's interaction with a website. Cal. Civ. Code § 1798.140(o)(1)A–J.
Click to expand...

so might not be just registrations
 
Yeah, its visits. Not registrations.
Consequently, if a business's website collects IP addresses, like most do, amassing the personal information of 50,000 California consumers could happen quickly. In fact, this threshold would be met if the website were visited by an average of just 137 California residents per day over the course of the year. This could also be a concern for bloggers and other individuals realizing profits from social media, whose websites may collect personal information from more than 50,000 Californians every year.
Click to expand...
It seems to me that Google Analytics should show if there are more than 50k California visits per year.
 
How are VPNs treated?

Our forum is overseas and a lot of users prefer the CA ones as they tend to be the fastest to provide other services such as Netflix, Hulu, etc.
 
It specifically refers to "California residents".

In most, if not all cases, it would be impossible to know whether the IP address belongs to a resident, or a visitor to the area.
Even if it was a static IP address assigned to a residential household, you have no way of knowing that the person who accessed the site with that IP address is a resident.

Another ridiculous thing most of us can thankfully ignore.
 
Brogan said:
you have no way of knowing that the person who accessed the site with that IP address is a resident
Click to expand...
Good point.

Even though nearly 200,000 Active Duty are assigned to California (0.005%), it's still something to consider. I "lived" in California for training, but would I count as a different state's resident on a personal computer in my barracks?
 
frm said:
Good point.

Even though nearly 200,000 Active Duty are assigned to California (0.005%), it's still something to consider. I "lived" in California for training, but would I count as a different state's resident on a personal computer in my barracks?
Click to expand...

US military personnel can actually have residential exemption. Just like a college student (over 2 million in CA) who may be living in a state for 4-5+ years while going to school, military personnel stationed in a state for numerous years can still be a resident of their "home" state.
 
bzcomputers said:
US military personnel can actually have residential exemption. Just like a college student (over 2 million in CA) who may be living in a state for 4-5+ years while going to school, military personnel stationed in a state for numerous years can still be a resident of their "home" state.
Click to expand...
Exactly. I was still one of the 200,000, but, I wasn't a California resident. My residency was in another state.

So, this is tricky on the technological side of things when people put in "California" or California IP addresses are logged as a view (if it's 50,000 views). It gets to the point of micro-management to ensure that you're not breaking the law when there are many forums in the military community or with overlapping interests.
 
So if you receive a request from California resident to delete their data or to get a copy their data, you should request their address to make certain they are in fact a California resident?
 
wedgar said:
So if you receive a request from California resident to delete their data or to get a copy their data, you should request their address to make certain they are in fact a California resident?
Click to expand...
That's what I did with the GDPR. Such lunacy. "Oh, you want to be deleted? Please send me a drivers license, two recent bills, and a picture of you holding up a piece of paper with my site name so I can prove that I have to delete your information." That's how stupid these laws are. And while this is suppose to help with privacy, how much more information did I just gather to prove the person can be deleted? Any malicious individual can use this information to cause WAY more harm than a couple ads.
 
Back
Top Bottom