Helping Publishers with the California Privacy Rights Act (CPRA)

Helping publishers comply with the California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that outlines the legal requirements for businesses that collect consumer information. This online privacy bill was developed by the California legislature to provide more transparency and control over how personal data for the state’s residents is collected and used. Although the consumer protection legislation was passed in June 2018, it never took effect until January 1, 2020. Its enforcement is set to begin on July 1, 2020, thereby giving businesses ample time to comply with the new regulation.

What does the CCPA offer?

CCPA privacy intends to give California residents the right to control how their personal information is used. It defines personal information as any data that identifies, describes, or relates to a consumer or household. Whether directly or indirectly. This includes biometrics, employment data, academic data, geo-location data, email addresses, IP addresses, tracking pixels, cookie ID, web history, shopping history, and other data points used for advertising, marketing, and reselling purposes.

The CCPA grants California residents the following rights:

  • The right to access information – Residents have the right to ask companies what personal data they collect, what data is shared or sold to third parties, and the reason for doing so.
  • The right to opt-out- Residents can ask companies not to sell their information or share it with third parties.
  • The right to data deletion – Residents can request companies to delete all their personal information.
  • Right to non-discrimination – All California residents should receive equal services and should not be discriminated in any way even when they opt not to share personal data.

How do I know if CCPA applies to my publishing business?

CCPA applies to all for-profit companies based in California. It also applies to all out-of-state businesses, including publishers, who sell to California residents. However, the company should also meet at least one of these criteria:

  • Your publishing company has a gross annual revenue of $25 million and above
  • Your publishing company earns more than 50% of its revenue by selling consumer data
  • Your publishing company collects personal information of more than 50,000 users per year.

Tip- If you’re a publisher earning less than $25 million in annual gross revenue but receive above 134 visitors to your site every day, then the CCPA privacy law also affects you.

Why should publishers care?

Most publishers track consumer data for ad tech use. For this reason, they should be well aware and strive to comply with the CCPA regulations. A survey conducted in 2019 showed that 86 percent of companies were not prepared for CCPA. However, most companies had plans to comply with CCPA privacy regulations by the end of 2020.

Publishers found to be non-compliant might be slapped with a legal fine of $2,500 for unintentional violations or $7,500 for intentional violation of the CCPA privacy law. Additionally, consumers have the right to claim from $100-$750 per incident in terms of statutory damages.

How can publishers comply with the CCPA Regulations?

Publishers should maintain CCPA compliance to safeguard their businesses from undesired legal consequences. This starts by understanding data collection and processing practices on Google Analytics, AdManager, or Adsense. Here are some practices that publishers can use to protect consumer data.

  • Controlling data collection on Google Analytics

Analytics collects a wide range of data in cookies, some of which contain personal information. To comply with the CCPA, publishers should add a privacy policy that assures all readers that their personal information will not be used for advertising or selling purposes. Additionally, give your visitors the option to opt-out. This will automatically stop the Analytics from collecting information about user browsing sessions.

  • Enable restricted data processing

Publishers who use Google Ad manager can restrict user data processing based on their compliance obligations. This allows you to filter out traffic coming from California using a network control and serve non-personalized ads. By displaying a “Do Not Sell My Personal Information” link, publishers can effectively advertise to consumers who ask companies not to sell their personal information.

  • Implement a consent mechanism

Another alternative for publishers using Google Ad Manager is to put a consent mechanism in place instead of restricting data processing for all California-based users. This allows users to consent or opt-out of their information being shared with Google and other ad networks.


As with GDPR, CCPA is another push for enhanced consumer privacy. Similar legislation designed to protect user data is appearing in other American states and around the globe. While the legislation will directly impact over half a million businesses, enhanced data security is great for everyone in the long run. Time has come for publishers to place data security and privacy at the core of their business ethos. So, every publisher must prepare for CCPA privacy by assessing their consumer information and embracing compliant solutions while generating revenue.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *