Learn why these common misconceptions about CCPA compliance for bloggers are false myths and can actually get you and your blog in trouble. The CCPA may apply to you and you may need to comply. Start working towards your CCPA compliance and make your blog CCPA compliant today.

Privacy icons and privacy over-text for CCPA compliance for bloggers

The state of California has long been at the forefront of regulating online privacy in the United States.

It was first with Caloppa, and now with the CCPA. 

Although these two pieces of legislations both protect the rights to privacy of California residents, the CCPA requires much more than Caloppa and set a much higher standard of rights to privacy and consumer protection. 

CCPA compliance for bloggers seems much more complex than what it was required under Caloppa.

To the point that the CCPA has been referred to by many as America’s GDPR or GDPR light.

However, the release of these new regulations has been surrounded by confusion and misconceptions. 

First of all, not many bloggers are aware of the CCPA to start with.

And so, if you’re here, kudos to you!  

That means you are way ahead of the average blogger and it’s great that you take your blog seriously and want to protect your business legally.

But in reality, not many bloggers know about the CCPA and even those who know about it may dimiss it thinking that it wouldn’t apply to their blog.

This is usually due to one of five common misconceptions.

And today, I’m here to debunk these myths so that you are compliant with the law and your blog is legally protected!

But before we dive in, please let me quickly go through my disclaimers and disclosures.

Also, this post is quite long so if you’re in a bit of a rush, don’t worry, you can always pin it and come back to it later when you’re ready to work on your CCPA compliance for your blog.

DISCLAIMER: Although I’m a lawyer specialized in International and EU Law (LLB, LLM, PhD) by profession, this article is meant for educational and informational purposes only. It doesn’t constitute legal advice and doesn’t create an attorney-client relationship. I will not be held liable for any losses or damages caused by acting or failing to act on the ground of the content of this article. Should your circumstances require, I encourage you to seek legal advice through other avenues. Please read my full disclaimer for further information.

This post may contain affiliate links, which means we may receive a commission, at no cost to you, if you make a purchase through a link. Please see our full disclosure for further information. If not otherwise stated, all prices are intended in US$.

What’s CCPA

 

So, first things first.

What’s the CCPA?

Well, CCPA stands for California Consumer Privacy Act.

And it’s a new piece of legislation of the State of California which was signed into law in June 2018 in the aftermath of the Cambridge Analytica scandal.

The CCPA is intended to enhance privacy rights and consumer protection for residents of California.

The CCPA applies to any business – including blogs – that have customers from California if some conditions are met. 

This new law may or may not apply to you depending on your specific circumstances. 

But it may apply even if you’re not based in California. 

Effective on the 1st of January 2020 and enforceable by July of the same year, the CCPA requires you to take some action towards compliance. 

I have discussed what these new regulations means for bloggers with my friend Sasha Lassey of EveryDayShesSparkling.com in her Facebook group Blogging Babes Collective and you can catch our interview in this replay video.

And you can always join my own Facebook Group Blogging for New Bloggers (25K+ selected members) for help and support with the legal side of blogging and blogging in general. If you’re not part of this community, honestly, you’re missing out!

What happens if you don’t comply with the CCPA?

 

If you don’t comply with the CCPA, you may expose yourself and your blog at the risk of fines and lawsuits.

Fines

 

Although the fines are not as steep as those under the GDPR which can go up to 20 million Euro, the fines under the CCPA are still something that can set you and your blog back. 

You can face fines for up to $2,5oo for each violation and up to $7,5o0 dollars for each intentional violation. 

Lawsuits

 

In addition to that, the CCPA affords the private right to action to consumers.

So, your users may sue you to recover damages for not less than 100 dollars  and not more than 750 dollars per consumer per incident, which means that you will get charged for each incident separately even if it’s about the same consumer so this can add up pretty quickly. 

However, many bloggers are under the wrong impression that the CCPA doesn’t apply to them. As a consequence, they’re not working towards CCPA compliance leaving themselves and their blogs exposed to risks of fines and lawsuits.

This is usually due to one or more of the following 5 common misconceptions. 

legal courses + templates for bloggers

Legally Blogs
Legal Course for Bloggers
FREE
  • Access from all your devices
  • Lifetime access to current and future updates
  • BONUS: Facebook Group
  • Suitable for bloggers worldwide
Legal Bundle Value Pack
Legal Templates for Bloggers
premium
  • 4 legal templates - bundle
  • Extra bonuses included
  • Save $50+
  • Access from all your devices
  • Lifetime access to current and future updates
  • Suitable for bloggers worldwide
best-selling
GDPR compliant blog
Legal Course for Bloggers
premium
  • Privacy policy + cookie policy included
  • 10+ extra bonuses
  • Access from all your devices
  • Lifetime access to current and future updates
  • Suitable for bloggers worldwide

Myth #1 – I don’t process personal data

 

The first misconception is that some bloggers may erroneously believe they don’t process any personal information.

For example, they may think

“Well, I don’t have an email list, I don’t collect email addresses so I don’t process any personal data and so the CCPA doesn’t apply to me.”

But that’s not true!

And this is because personal data is a broad definition.

It can be anything that can be used to identify an individual.

Under the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably linked directly or indirectly with a particular consumer or household. 

So, yes, of course, name, email address, date of birth, but also their login details, their location data, their IP address, their cookies, and so on.

With the clarification that personal information under the CCPA definition does not include publicly available information.

And so, even if you think you’re not processing any data, you, as a blogger, are most likely to process personal data on a regular basis.

There are so many activities or tasks performed on your blog every day that involve data processing.  

Yes, the first that comes to mind is when someone joins your newsletter or email list and gives you their name and email address.

But it’s not only that. 

Just to give you a few examples:

  • Contact forms – In your contact page, you may use forms requesting a name and email address.
  • Comment systems – In order for users to comment on your blog, your comment system or plugin probably require them to leave their email address and other information such as name and a link to their website.
  • Google Analytics – They track tons of information relating to your users, including their location, type of operating system, browser type, duration of stay, time of visitation, etc.
  • Cookies – All the data that you collect about your visitors using cookies installed on their devices.
  • Login details and history into membership areas or affiliate dashboards.
  • And so much more.

You may need to comply with the CCPA even if you don't collect email addresses!

Myth #2 – The CCPA only applies to bloggers based in California 

 

The other misconception is that being the CCPA a legislation of California, many people think it only applies to bloggers located in California. 

So, let’s clarify this. Let’s take a closer look at the territorial application of the CCPA.

If you are located in another state of the US, so you’re not based in California, or if you’re located in Australia, or Canada, South Africa, India or anywhere else in the world…

Does the CCPA apply to your blog?

 

The answer to this question is that … it might.

In fact, whether the CCPA will apply to your blog or not, it depends on your specific circumstances and whether you meet certains conditions and thresholds. 

But before we go through these conditions and thresholds, please let me make it  crystal clear that while the CCPA affords rights and consumer protection only to your visitors from California, i.e. only those located in California, you DO NOT need to be based in California for it to apply.

The CCPA is a Californian privacy act and so it protects the rights of California residents.

However, it does the potential to apply outside of California if some conditions are met.

This means two things:

  1. The CCPA may apply to you even if you’re not from California as long as you do business in California, e.g. you have visitors from California
  2. If the CCPA applies to you, you need to ensure you afford these rights to your visitors from California but you’re not required by law to do the same for all your other visitors, unless of course, you want to. 

The CCPA applies to any business which can be a sole proprietorship, a partnership, a company, a corporation so any business (including blogs) that does business in the State of California, and that satisfies one or more of the following three conditions:

  1. Has annual gross revenues in excess of 25 million dollars.
  2. Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
  3. Derives 50% or more of its annual revenues from selling consumers’ personal information.

Let’s go through these conditions one by one as they are at earth of the next common misconceptions. 

But please bear in mind that these conditions are not cumulative, so if you meet just one of them, the CCPA will apply to you. 

Free Legal course for bloggers

Only available for FREE for a limited time. Enroll before this deal is gone!

Myth #3 – the CCPA only applies to the big fish

 

The first threshold to meet for the CCPA to apply is that you make at least 25 million dollars a year blogging. 

Now, I don’t know about you; you may be killing it with your blog, who knows? 

But I guess this won’t apply to too many blogs.

But the second condition may sound like a lot but it’s actually not. 

In fact, it would take only 137 visitors to your website per day for the CCPA to apply. 

Or it can even be less than that if some visitors use multiple devices to access your blog.

If you don’t know how many visitors you get to your blog off the top of your head you can easily found out this figure by checking under audience in your Google analytics.

 

Does the CCPA apply to small/solo bloggers?

 

This question is closely related to the interpretation of the threshold of 50K annual visitors.

Do these visitors need to be from California or are we talking about your visitors in general?

Because this does make a huge difference.

Well, the CCPA defines consumers as the residents of California and so that part is clear. 

The problem though is that the definition of household or devices in the CCPA is not as clear as it doesn’t specify whether these terms only refer to households and devices located in California or not.

The regulations define household as a person or group of people occupying a single dwelling but doesn’t specify whether these households need to be located in California nor it does for the definition of devices.  

In my view, it would make more sense for a consistent interpretation of the act, to interpret it as households and devices located in California.

Because if the consumers are defined as residents of California it would make much more sense to take the words households and devices to be intended as households and devices located in California.

At the same time, one could argue, if the legislator wanted to refer only to households and devices located in California, then the CCPA would expressly said so, as does it for the definition of consumer.

So there are definitely valid arguments for both interpretations.   

But and there is a but. 

When it’s about protecting your blog legally, always err on the side of caution so, when in doubt always take the most conservative approach.

And this is because if you interpret legislation conservatively and you’re wrong you have just afforded a higher standard of protection to your users than what you would be required by law but that’s still a nice and commendable thing to do after all.

While in the opposite scenario, if you’re wrong, you are exposing yourself and your blog at the risk of fines, complaints and lawsuits. 

Obviously, it all depends on your risk tolerance and if you’re fine with dealing with lawsuits or paying fines in the thousands if case be, then that’s alright.

But generally speaking,  my suggestion is to always take a conservative approach which means in this case,

until this will be specifically clarified by the legislators or caselaw, the safest option is to take the threshold of 5oK visitors as meaning any devices regardless of whether they’re located in California or not.  

And so if that means any visitors, and not only those from California, 137 visitors a day are nothing.

Most blogs would reach that threshold within the first year of blogging. 

If on the other hand, it should be intended as 137 visitors located in California a day, which does seem to be more in line with the whole rationale of the act in general, it’s still not something that can’t be easily achieved by a small business or a small blog. 

Think of niche blogs targeting Californians or real estate blogs, travel blogs… – it could be anything really. 

So, dismissing the CCPA as something that would only apply to large businesses is a total  misconception that could get you in trouble. 

And from the day the CCPA was passed in June 2018, there has been ongoing criticism and debate about the fact that the CCPA was introducing requirements that would be too onerous for small businesses and especially for small businesses solely operating online, such as for example, the requirement to have a toll-free number.

No, don’t worry, you won’t be required to operate a toll free number for your blog, because this requirement has been amended so that small businesses operating only online would be exempted.

The point I’m making here is if the CCPA only applied to large businesses, then what months and months of debate were about, right?

Or what these exemptions for small businesses operating exclusively online, would even mean, right?

So, yes, the CCPA may apply to small businesses and blogs.

However, unlike the GDPR, it only applies to businesses, meaning only blogs for profit.

So, if you blog as a hobby and you don’t make money blogging, then the GDPR may apply to you but the CCPA definitely DOES NOT apply to you. 

On the contrary, if your aim is to make money through blogging, then the CCPA may apply to you if you meet one of those three thresholds and you will need to comply. 

And speaking of thresholds, let’s what’s the third one.

The last threshold is if the business derives 50 percent or more of its annual revenues from selling consumers’ personal information.

Which brings us to the next myth. 

But before we move on to the next misconception, let me remind you that these conditions are not cumulative. It suffice to meet just one of these conditions – most likely the second one, i.e. the condition about the 50K consumers, households and devices – for the CCPA to apply to you.

Need help with CCPA compliance?

Check out this CCPA compliance for bloggers bundle to make your blog CCPA compliant in less than 1/2 hour!
SPECIAL

Myth #4 – I don’t sell personal information

 

Another common misconception is that you as a regular blogger don’t sell personal information.

While is true that most bloggers don’t directly sell personal information of their visitors or subscribers to third parties in exchange for money, you have to remember that as I mentioned earlier, personal information is a broad definition that includes  browsing history, search history, and information regarding the interaction of your users with your website or ads. 

Plus, the CCPA definition of selling of personal data is also very broad. 

Under the CCPA selling personal information means selling, renting, releasing, disclosing, disseminating, making available, transferring, etc. personal information orally, in writing, or by electronic or other means, to another business or a third party for financial or other valuable consideration.

So, basically, if you’re running target ads on your blog, you are selling personal information under the CCPA. 

If you have the Facebook pixel installed on your blog, you’re selling information under the CCPA.

If you run Facebook ads and upload a custom audience, then again, you’re selling personal information. 

But there are a few exceptions.

If you share with a service provider personal information that is necessary to perform a business purpose, that’s not considered sale. 

And so for example, when I share the personal information of my subscribers with ConvertKit, that’s not selling personal information under the CCPA as long as I provide notice that this is what happens in my terms and conditions (which I do) and as long as ConvertKit doesn’t re-sell their information to third parties (which they don’t).

You think you're not selling personal information but under the CCPA, your blog may be selling personal information! Find out here why!

Myth #5 – If my blog is GDPR compliant, it’s also CCPA compliant

 

False!

It’s true that the CCPA and GDPR are quite similar. 

Sure, there are some differences between the two but there is also lots of similarities.

Although the GDPR is much stricter, in their basic intent both laws are quite similar. They aim to give users the right to control and understand what personal information gets collected and with whom it may be shared. 

It’s also true that if your blog is fully GDPR compliant, then there is really little that you need to do to work towards your CCPA compliance.

If you have taken my GDPR Compliant Blog course, your CCPA compliance will be quite easy because you’ve done 90% of the work already and for some things you’ve actually done more than what the CCPA requires from you. 

YAY!

At the same time though they’re not exactly the same so even if your blog is fully GDPR compliant you still need to take some extra steps to also make it CCPA compliant.

For example, the CCPA requires that you offer the possibility to opt out from the sale of personal information to your users and you need to have conspicuous do not sell my personal information link on your home page. 

By contrast, the GDPR doesn’t require this. 

But that’s not the only extra requirement under the CCPA.

The CCPA only applies to bloggers in California. FALSE! That's a myth! Find out whether the CCPA applies to you here.

CCPA Compliance for Bloggers

 

So, what do you need to do to comply with the CCPA?

Well, the CCPA provides users who resides in California with 5 main privacy rights:

  1. the right to know what data is being collected, sold or disclosed about them
  2. the right to access the data  you have collected about them
  3. the right to request their data to be deleted 
  4. the right to opt out from the sale of their personal data
  5. and the right to equal service and price, even if they exercise their privacy rights.

In order for you to afford your users from California each and everyone of these rights and so in order for you to be CCPA compliant, you will need to change or add a few things to your blog.  

First of all, you will need to have a CCPA Compliant privacy policy

And that’s why, I have updated my privacy policy workshop and template to make it CCPA compliant. So, if you’re one of the students enrolled in my  privacy policy course, you already have access to the CCPA update, including a CCPA + GDPR compliant template, at no extra cost to you.  

Secondly, you will have to add a conspicuous Do Not Sell My Personal Information Link on your homepage (or a separate page for visitors from California) and your privacy policy, directing to an opt out page which needs to meet specific requirements. 

If you offer freebies, you will also have to add a notice of financial incentives.

Moreover, you will have to implement a few processes to handle privacy rights requests and uphold your ongoing obligations under the CCPA.

I know, it may sound overwhelming but once you know what to do, it’s actually quite simple to make your blog CCPA compliant.

If you need help with your CCPA compliance for your blog, I got you covered!

I prepared a Masterclass where I give you tons of actionable tips on what you need to do right now to make your blog CCPA compliant in 5 easy steps.

CCPA for Bloggers Masterclass

 

Computer with overlay text CCPA for Bloggers Masterclass

My CCPA Compliance for Bloggers Masterclass covers everything you need to know and do to make your blog CCPA compliant.

In this Masterclass, I will walk you through

  • What the CCPA is
  • Whether it actually applies to you
  • What you need to do to comply with the CCPA
  • More importantly, I will give you tons of actionable tips on how to work towards your compliance in just 5 easy steps.
  • We will see how you can make your blog CCPA compliant easily with the help of a plugin
  • We will talk about how you can offer freebies lawfully under the CCPA
  • And finally, we will discuss what happens if you don’t comply with the CCPA.

You can enroll in my Masterclass here. Get advantage of the launch price. Only available for a limited time.

After you enroll in my CCPA for Bloggers Masterclass, you’ll finally be able to make your blog CCPA compliant in just 5 easy steps.

Now, because one of these steps is to have a CCPA compliant privacy policy, I also made available a CCPA compliance for bloggers bundle so that you can get both my Masterclass and my Privacy Policy WorkShop and Template at a discounted price.

Thousands of bloggers have already taken my masterclass and my legal courses and have left raving testimonials and reviews.

CCPA Compliance for Bloggers Bundle

Computer with overlay text CCPA compliance bundle

Have no time to figure out legal requirements and how to write your CCPA + GDPR + FTC compliant privacy policy?

Don’t have the budget to consult with a local lawyer who will charge you upwards of $300 an hour and may not fully understand your needs as a blogger?

No need to worry!

The CCPA Compliance for Bloggers Bundle is all you need!

It includes my CCPA for Bloggers Masterclass AND my Privacy Policy Template Course which comes with a plug-and-play CCPA + GDPR + FTC compliant privacy policy perfect for bloggers.

You will have everything you need to make you blog CCPA compliant in less than ½ hour!

And when you get the bundle, you will save $$!

You can get your CCPA Compliance for Bloggers here.

Need help with CCPA compliance?

Check out this CCPA compliance bundle to make your blog CCPA compliant in less than 1/2 hour!
SPECIAL

Why you need to comply with the CCPA 

 As we’ve seen, most of the information surrounding the  CCPA are actually false myth and most bloggers may actually need to comply with the CCPA. The CCPA is the law and so, if it does apply to you, you will need to work towards compliance to meet these legal requirements or else you will expose yourself and your blog at the risk of facing fines and lawsuits. 

But please bear in mind that even in the event the CCPA doesn’t apply to you, you may want to look into it anyway and see whether you would like to comply with it completely or in part. 

In fact there are several reasons why you as a blogger may want to comply with the CCPA even if you’re not required by law to do so.

Here are a few reasons you may want to consider:

Ethics

Ethically, you agree with the standards of privacy and data protection afforded by the CCPA (and/or the GDPR) and want to ensure the same standard to all your users.

Partnerships

In the future, you may be requested to do so by partner brands, ad networks, and affiliate programs TOS (it has happened in the past for other regulations, e.g. the GDPR, the FTC guidelines). 

Professionalism

You’d like to make your blog look more professional and build trust with your audience.

Thresholds and traffic growth

You’d like to be ready for when you will reach the threshold that will make the CCPA applicable to you.

Kick-starting your compliance with future privacy regulations

You’d like to kickstart your compliance in view of similar data and privacy regulations coming to force soon, such as for example, the Online Privacy Act.

There is a proposed bill in the United States for an Online Privacy Act which would be applicable at the federal level, and would even create a Digital Privacy Agency. 

As a lawyer and GDPR expert, I have been saying for years, that the GDPR would have a domino effect and would cause a chain reaction and as a result, many other similar privacy regulations would be issued around the world. 

Now this all happening.

The CCPA is here.

Other regulations will come.

Don’t stay behind.

Work on your GDPR and CCPA compliance today.

If you need help, check out my FREE and premium legal courses for bloggers, or let me know in the comment section how I can help you to make your blog compliant.  

join our school
FREE & premium courses open for enrollment. Get started today!

Related posts to ccpa compliance for bloggers

legal courses + templates for bloggers

Legally Blogs
Legal Course for Bloggers
FREE
  • Access from all your devices
  • Lifetime access to current and future updates
  • BONUS: Facebook Group
  • Suitable for bloggers worldwide
Legal Bundle Value Pack
Legal Templates for Bloggers
premium
  • 4 legal templates - bundle
  • Extra bonuses included
  • Save $50+
  • Access from all your devices
  • Lifetime access to current and future updates
  • Suitable for bloggers worldwide
best-selling
gdpr compliant blog
Legal Course for Bloggers
premium
  • Privacy policy + cookie policy included
  • 10+ extra bonuses
  • Access from all your devices
  • Lifetime access to current and future updates
  • Suitable for bloggers worldwide

You may also like

The California Consumer Privacy Act is the new privacy law adopted by California. DOES THE CCPA APPLY TO YOUR BLOG? Do you need to update your privacy policy?  There are 5 misconceptions that can get you and your blog in trouble, read more to debunk these myths and legally protect your blog!
 
Even if your blog is GDPR compliant you still need to take some extra steps to also make it CCPA compliant.
 
#CCPA #CaliforniaConsumerPrivacyAct #Bloglegally #GDPR #PrivacyPolicy
Lucrezia Iapichino

Lucrezia Iapichino

Hi there! I’m the co-founder of Blogging for New Bloggers and Tinylovebug.com + a lawyer & university lecturer (LLB, LLM, PhD in International and EU Law). I use the combination of my research, teaching, and blogging experience + over 15 years’ legal expertise to show new bloggers, like you, how to blog profitably and legally. I've helped 2,000+ bloggers start and run a successful blog. Whether you want to grow your traffic or make money blogging, I will help you achieve your full potential! Take my FREE course - Blogging for New Bloggers Fast Track or my FREE course Legally Blogs and set yourself apart from the average new blogger!

Leave a Comment

Your email address will not be published. Required fields are marked *

start a blog

Ditch the 9 to 5! Start a blog for less than a coffee a month.

About Us

We help new bloggers turn their blog into a profitable business. If you’d like to run a successful blog and make money blogging, you’re in the right place. READ MORE >>

popular Posts

LIKE OUR BRAND NEW PAGE

TAKE QUIZ

sTAY IN THE LOOP

Join our newsletter and get actionable blogging tips straight to your inbox! Unsubscribe at any time – Privacy Policy.

Powered by ConvertKit

arrow-for-scroll-to-top

Learn how to protect your blog legally and how to meet all the legal requirements. Avoid lawsuits, formal complaints, and hefty fines. Enroll today. It’s FREE (for a limited time only)!! 

140 Shares
Share55
Pin85
Tweet
Share