Our posts contain affiliate links. Sometimes, not always, we may make $$ when you make a purchase through these links. No Ads. Ever. Learn More
Concerns over consumer privacy are at an all-time high. But thankfully, there are now many legislative efforts to guarantee data subjects greater control over their online privacy—for example, the California Consumer Protection Act (CCPA). The CCPA is a list of statutes geared towards protecting the data of residents of the state of California. Although there are many statutes, right now, we’ll dive into Google Analytics and the CCPA, examining how the new laws affect businesses and consumers.
For more helpful information, we have additional articles covering many topics, including a primer on what Google ads tracking is and the difference between a Facebook pixel and Google Analytics. If you want to learn more about what your rights are under the CCPA, you can read our piece on the CCPA’s “Do-Not-Sell” rule.
Businesses looking to guarantee compliance with the CCPA can use a consent management tool that scans their website and alerts them of any potential areas that may fall outside the privacy rights boundaries.
The CCPA went into effect in 2020, but many still need to understand what it is and how it’s changing the landscape regarding their online identity. The main goal of the CCPA is to give users more control over how their data is handled.
Before, when companies had consumers give away their data, there was little a user could do to change it. They were locked in as soon as the terms and conditions were agreed to.
However, the CCPA allows users to voice their desires to keep their data private. This may sound good, but it’s only useful if you understand how it relates to the various online tools that collect your data, like Google Analytics.
Google Analytics (GA) is the most popular tool for gathering and storing user data. While GA doesn’t collect sensitive personal information (PI), it does assign ClientIDs, which place cookies on devices and track user behavior over time. As the user interacts with a website, GA builds out a profile to help optimize how ads are served.
Because of this, there are instances where users can request that their data be removed. This is because the CCPA defines ClientIDs as a type of personal information. Therefore, businesses that use GA must keep their website’s privacy measures compliant with the guidelines stipulated under the CCPA.
Companies that fail to comply with the CCPA will receive fines. Likewise, businesses may take a reputational hit if it’s discovered they aren’t following rules surrounding data privacy.
It’s essential that business study the rules surrounding GA and ensure that working systems are in place to handle any requests from their data subjects regarding erasing information.
STAT: If an organization purchases or sells PI from 50,000 or more California residents, it’s considered a business, according to the CCPA. Therefore, the organization must also follow the rules surrounding data privacy. (source)