CCPA Compliance
Please note that the information provided below is not intended as legal advice and we cannot be held legally responsible for it. We have sought legal counsel and the content on this page reflects our interpretation of the law. If you have any concerns about compliance with CCPA, we recommend sharing this page with your legal team.
The California Consumer Privacy Act (CCPA) is a privacy law in the U.S. state of California that went into effect on January 1, 2020. It gives California consumers the right to request that businesses disclose what personal information they have collected about them, and request that it be deleted.
Do I need to comply with CCPA?
A website owner or company must comply with the CCPA if any of the following apply:
- The company has gross annual revenues in excess of $25 million
- The company buys, sells, or shares the personal information of 50,000 or more consumers, households, or devices
- The company derives 50% or more of its annual revenues from selling consumers' personal information
In addition, the CCPA applies to any business that collects personal information from California consumers, regardless of the size of the business or where it is located. This means that even if a company does not meet the above criteria, it may still be required to comply with the CCPA if it has customers in California.
The CCPA also requires businesses to provide a clear and conspicuous link on their website's homepage titled "Do Not Sell My Personal Information" that allows consumers to opt out of the sale of their personal information.
Does Proxima Comply with CCPA?
The California Consumer Privacy Act (CCPA) applies to personal information, which is defined in the CCPA (1798.140 (o)) as "information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." However, the law text also states that "Personal information" does not include consumer information that is de-identified or aggregate consumer information.
Section 1798.145(5) of the CCPA further clarifies that the obligations of the act do not restrict a business's ability to "Collect, use, retain, sell, or disclose consumer information that is de-identified or in the aggregate consumer information." In order to qualify for this exemption, the information must meet certain requirements as outlined in section 1798.140 (h) of the legal text. Specifically, "de-identified" means:
- Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer
- A business that uses de-identified information has implemented technical safeguards that prohibit re-identification of the consumer to whom the information may pertain
- The business has implemented business processes that specifically prohibit re-identification of the information
- The business has implemented business processes to prevent the accidental release of de-identified information
- The business makes no attempt to re-identify the information
At Proxima Analytics, we adhere to all of these requirements when de-identifying the personal information (IP addresses) we collect. Despite the strictness of the CCPA, we still encourage the inclusion of information about our company in your cookie and/or privacy notice for the sake of transparency. For more information about our technical setup, please refer to our data journey page. It is worth noting that, unlike many other analytics companies, we are not interested in identifying individuals and have built de-identification into the core of our software.